Malicious Javascript from MYOB Email Attack | Grouped Behavior
Monitored Processes
Behavior Information - Grouped by Category
Process #1: cscript.exe
(Host: 258, Network: 6)
Information Value
ID #1
File Name c:\windows\system32\cscript.exe
Command Line "C:\Windows\System32\CScript.exe" "C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:10, Reason: Analysis Target
Unmonitor End Time: 00:10:13, Reason: Terminated by Timeout
Monitor Duration 00:10:03
OS Process Information
Information Value
PID 0x9a8
Parent PID 0x55c (c:\windows\explorer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups
  • XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001076e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0x9AC, 0x9C0, 0x9C4, 0x9C8, 0x9CC, 0x9D0, 0x9D4, 0x9D8, 0x9E8, 0x9EC, 0x9F8, 0xA10, 0xA14, 0xAA0, 0xAA4
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000040000 0x00040000 0x00046fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000050000 0x00050000 0x00051fff Pagefile Backed Memory Readable, Writable True False False
cscript.exe.mui 0x00060000 0x00062fff Memory Mapped File Readable, Writable False False False
private_0x0000000000070000 0x00070000 0x00070fff Private Memory Readable, Writable True True False
private_0x0000000000080000 0x00080000 0x00080fff Private Memory Readable, Writable True True False
private_0x0000000000090000 0x00090000 0x0018ffff Private Memory Readable, Writable True True False
locale.nls 0x00190000 0x001f6fff Memory Mapped File Readable False False False
rpcss.dll 0x00200000 0x0027cfff Memory Mapped File Readable False False False
rpcss.dll 0x00200000 0x0027cfff Memory Mapped File Readable False False False
cscript.exe 0x00200000 0x00213fff Memory Mapped File Readable True False False
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000240000 0x00240000 0x00241fff Pagefile Backed Memory Readable True False False
rsaenh.dll 0x00240000 0x00284fff Memory Mapped File Readable False False False
rsaenh.dll 0x00240000 0x00284fff Memory Mapped File Readable False False False
private_0x0000000000240000 0x00240000 0x0024ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000250000 0x00250000 0x00251fff Pagefile Backed Memory Readable True False False
tzres.dll 0x00250000 0x00250fff Memory Mapped File Readable False False False
wshom.ocx 0x00250000 0x00263fff Memory Mapped File Readable True False False
msxml3r.dll 0x00270000 0x00270fff Memory Mapped File Readable False False False
msxml3.dll 0x00280000 0x0029afff Memory Mapped File Readable False False False
pagefile_0x00000000002a0000 0x002a0000 0x002a1fff Pagefile Backed Memory Readable True False False
private_0x00000000002b0000 0x002b0000 0x002bffff Private Memory Readable, Writable True True False
windowsshell.manifest 0x002c0000 0x002c0fff Memory Mapped File Readable False False False
pagefile_0x00000000002c0000 0x002c0000 0x002c0fff Pagefile Backed Memory Readable, Writable True False False
pagefile_0x00000000002d0000 0x002d0000 0x002d1fff Pagefile Backed Memory Readable True False False
index.dat 0x002e0000 0x002ebfff Memory Mapped File Readable, Writable True False False
index.dat 0x002f0000 0x002f7fff Memory Mapped File Readable, Writable True False False
index.dat 0x00300000 0x0030ffff Memory Mapped File Readable, Writable True False False
private_0x0000000000310000 0x00310000 0x0032ffff Private Memory - True True False
private_0x0000000000330000 0x00330000 0x00330fff Private Memory Readable, Writable True True False
private_0x0000000000350000 0x00350000 0x0044ffff Private Memory Readable, Writable True True False
private_0x0000000000450000 0x00450000 0x0054ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000550000 0x00550000 0x006d7fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000006e0000 0x006e0000 0x00860fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000870000 0x00870000 0x01c6ffff Pagefile Backed Memory Readable True False False
private_0x0000000001c70000 0x01c70000 0x01e5ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001c70000 0x01c70000 0x01d4efff Pagefile Backed Memory Readable True False False
private_0x0000000001d50000 0x01d50000 0x01daffff Private Memory Readable, Writable True True False
private_0x0000000001d80000 0x01d80000 0x01d8ffff Private Memory Readable, Writable True True False
private_0x0000000001da0000 0x01da0000 0x01daffff Private Memory Readable, Writable True True False
private_0x0000000001de0000 0x01de0000 0x01e5ffff Private Memory Readable, Writable True True False
private_0x0000000001e60000 0x01e60000 0x01f5ffff Private Memory Readable, Writable True True False
private_0x0000000001f80000 0x01f80000 0x0207ffff Private Memory Readable, Writable True True False
sortdefault.nls 0x02080000 0x0234efff Memory Mapped File Readable False False False
private_0x0000000002350000 0x02350000 0x023fffff Private Memory Readable, Writable, Executable True True False
private_0x0000000002400000 0x02400000 0x024fffff Private Memory Readable, Writable True True False
private_0x0000000002510000 0x02510000 0x0260ffff Private Memory Readable, Writable True True False
pagefile_0x0000000002610000 0x02610000 0x0360ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000003640000 0x03640000 0x0373ffff Private Memory Readable, Writable True True False
private_0x0000000003740000 0x03740000 0x0392ffff Private Memory Readable, Writable True True False
private_0x0000000003740000 0x03740000 0x0383ffff Private Memory Readable, Writable True True False
private_0x0000000003840000 0x03840000 0x038fffff Private Memory Readable, Writable True True False
private_0x0000000003920000 0x03920000 0x0392ffff Private Memory Readable, Writable True True False
private_0x00000000039e0000 0x039e0000 0x03adffff Private Memory Readable, Writable True True False
private_0x0000000003af0000 0x03af0000 0x03beffff Private Memory Readable, Writable True True False
kernelbase.dll.mui 0x03bf0000 0x03caffff Memory Mapped File Readable, Writable False False False
private_0x0000000003cc0000 0x03cc0000 0x03dbffff Private Memory Readable, Writable True True False
pagefile_0x0000000003dc0000 0x03dc0000 0x041b2fff Pagefile Backed Memory Readable True False False
private_0x00000000041c0000 0x041c0000 0x043bffff Private Memory Readable, Writable True True False
private_0x00000000043c0000 0x043c0000 0x047bffff Private Memory Readable, Writable True True False
private_0x00000000047c0000 0x047c0000 0x049bffff Private Memory Readable, Writable True True False
private_0x00000000049c0000 0x049c0000 0x04ac0fff Private Memory Readable, Writable True True False
private_0x0000000004b10000 0x04b10000 0x0530ffff Private Memory Readable, Writable True True False
private_0x0000000005310000 0x05310000 0x0570ffff Private Memory Readable, Writable True True False
private_0x0000000005710000 0x05710000 0x0595ffff Private Memory Readable, Writable True True False
private_0x0000000005710000 0x05710000 0x0584ffff Private Memory Readable, Writable True True False
private_0x00000000058e0000 0x058e0000 0x0595ffff Private Memory Readable, Writable True True False
private_0x00000000059a0000 0x059a0000 0x0696ffff Private Memory Readable, Writable True False False
private_0x0000000006970000 0x06970000 0x0716ffff Private Memory Readable, Writable True True False
private_0x0000000007170000 0x07170000 0x0731ffff Private Memory Readable, Writable True True False
private_0x0000000007170000 0x07170000 0x0727ffff Private Memory Readable, Writable True True False
private_0x00000000072a0000 0x072a0000 0x0731ffff Private Memory Readable, Writable True True False
private_0x0000000007320000 0x07320000 0x0757ffff Private Memory Readable, Writable True True False
private_0x0000000007320000 0x07320000 0x0747ffff Private Memory Readable, Writable True True False
private_0x0000000007500000 0x07500000 0x0757ffff Private Memory Readable, Writable True True False
private_0x0000000007580000 0x07580000 0x0767ffff Private Memory Readable, Writable True True False
private_0x0000000007680000 0x07680000 0x0864ffff Private Memory Readable, Writable True False False
private_0x0000000008650000 0x08650000 0x09050fff Private Memory Readable, Writable True False False
private_0x0000000009060000 0x09060000 0x0a02ffff Private Memory Readable, Writable True False False
private_0x000000000a030000 0x0a030000 0x0affffff Private Memory Readable, Writable True False False
private_0x000000000b000000 0x0b000000 0x0b3fffff Private Memory Readable, Writable True True False
pagefile_0x000000000b400000 0x0b400000 0x0b742fff Pagefile Backed Memory Readable True False False
private_0x000000000b750000 0x0b750000 0x0b8effff Private Memory Readable, Writable True True False
private_0x000000000b7b0000 0x0b7b0000 0x0b8affff Private Memory Readable, Writable True True False
private_0x000000000b900000 0x0b900000 0x0b9fffff Private Memory Readable, Writable True True False
private_0x000000000ba00000 0x0ba00000 0x0bbeffff Private Memory Readable, Writable True True False
private_0x000000000baa0000 0x0baa0000 0x0bb1ffff Private Memory Readable, Writable True True False
private_0x000000000bbe0000 0x0bbe0000 0x0bbeffff Private Memory Readable, Writable True True False
private_0x000000000bbf0000 0x0bbf0000 0x0bceffff Private Memory Readable, Writable True True False
private_0x000000000bdb0000 0x0bdb0000 0x0beaffff Private Memory Readable, Writable True True False
private_0x000000000beb0000 0x0beb0000 0x0bfaffff Private Memory Readable, Writable True True False
private_0x000000000bfd0000 0x0bfd0000 0x0c0cffff Private Memory Readable, Writable True True False
private_0x000000000c0d0000 0x0c0d0000 0x0c1cffff Private Memory Readable, Writable True True False
private_0x000000000c1d0000 0x0c1d0000 0x0c3cffff Private Memory Readable, Writable True True False
private_0x000000000c3d0000 0x0c3d0000 0x0c4cffff Private Memory Readable, Writable True True False
private_0x000000000c4d0000 0x0c4d0000 0x0c5cffff Private Memory Readable, Writable True True False
private_0x000000000c6f0000 0x0c6f0000 0x0c7effff Private Memory Readable, Writable True True False
user32.dll 0x76b70000 0x76c69fff Memory Mapped File Readable, Writable, Executable False False False
kernel32.dll 0x76c70000 0x76d8efff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x76d90000 0x76f38fff Memory Mapped File Readable, Writable, Executable False False False
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
cscript.exe 0xffa20000 0xffa48fff Memory Mapped File Readable, Writable, Executable True False False
jscript.dll 0x7fef2fe0000 0x7fef30c2fff Memory Mapped File Readable, Writable, Executable True False False
msxml3.dll 0x7fef3650000 0x7fef3823fff Memory Mapped File Readable, Writable, Executable False False False
scrobj.dll 0x7fef3a00000 0x7fef3a3bfff Memory Mapped File Readable, Writable, Executable True False False
comctl32.dll 0x7fef3a40000 0x7fef3adffff Memory Mapped File Readable, Writable, Executable False False False
scrrun.dll 0x7fef3b40000 0x7fef3b73fff Memory Mapped File Readable, Writable, Executable False False False
rasapi32.dll 0x7fef4f10000 0x7fef4f71fff Memory Mapped File Readable, Writable, Executable False False False
wshom.ocx 0x7fef73f0000 0x7fef7417fff Memory Mapped File Readable, Writable, Executable True False False
wshext.dll 0x7fef7420000 0x7fef743cfff Memory Mapped File Readable, Writable, Executable True False False
msisip.dll 0x7fef74e0000 0x7fef74eafff Memory Mapped File Readable, Writable, Executable False False False
mpr.dll 0x7fef9be0000 0x7fef9bf7fff Memory Mapped File Readable, Writable, Executable False False False
dwmapi.dll 0x7fefa710000 0x7fefa727fff Memory Mapped File Readable, Writable, Executable False False False
uxtheme.dll 0x7fefaaf0000 0x7fefab45fff Memory Mapped File Readable, Writable, Executable False False False
winnsi.dll 0x7fefb360000 0x7fefb36afff Memory Mapped File Readable, Writable, Executable False False False
iphlpapi.dll 0x7fefb370000 0x7fefb396fff Memory Mapped File Readable, Writable, Executable False False False
comctl32.dll 0x7fefb5f0000 0x7fefb7e3fff Memory Mapped File Readable, Writable, Executable False False False
ntmarta.dll 0x7fefbcd0000 0x7fefbcfcfff Memory Mapped File Readable, Writable, Executable False False False
version.dll 0x7fefbea0000 0x7fefbeabfff Memory Mapped File Readable, Writable, Executable False False False
rsaenh.dll 0x7fefc2d0000 0x7fefc316fff Memory Mapped File Readable, Writable, Executable False False False
dnsapi.dll 0x7fefc3f0000 0x7fefc44afff Memory Mapped File Readable, Writable, Executable False False False
cryptsp.dll 0x7fefc5d0000 0x7fefc5e6fff Memory Mapped File Readable, Writable, Executable False False False
sspicli.dll 0x7fefcba0000 0x7fefcbc4fff Memory Mapped File Readable, Writable, Executable False False False
cryptbase.dll 0x7fefcbd0000 0x7fefcbdefff Memory Mapped File Readable, Writable, Executable False False False
sxs.dll 0x7fefcbe0000 0x7fefcc70fff Memory Mapped File Readable, Writable, Executable False False False
rpcrtremote.dll 0x7fefccc0000 0x7fefccd3fff Memory Mapped File Readable, Writable, Executable False False False
profapi.dll 0x7fefcce0000 0x7fefcceefff Memory Mapped File Readable, Writable, Executable False False False
msasn1.dll 0x7fefcd80000 0x7fefcd8efff Memory Mapped File Readable, Writable, Executable False False False
wintrust.dll 0x7fefce30000 0x7fefce69fff Memory Mapped File Readable, Writable, Executable False False False
crypt32.dll 0x7fefce90000 0x7fefcff6fff Memory Mapped File Readable, Writable, Executable False False False
kernelbase.dll 0x7fefd000000 0x7fefd06afff Memory Mapped File Readable, Writable, Executable False False False
urlmon.dll 0x7fefd0b0000 0x7fefd227fff Memory Mapped File Readable, Writable, Executable False False False
comdlg32.dll 0x7fefd230000 0x7fefd2c6fff Memory Mapped File Readable, Writable, Executable False False False
clbcatq.dll 0x7fefd350000 0x7fefd3e8fff Memory Mapped File Readable, Writable, Executable False False False
wldap32.dll 0x7fefd3f0000 0x7fefd441fff Memory Mapped File Readable, Writable, Executable False False False
shell32.dll 0x7fefd450000 0x7fefe1d7fff Memory Mapped File Readable, Writable, Executable False False False
iertutil.dll 0x7fefe1e0000 0x7fefe438fff Memory Mapped File Readable, Writable, Executable False False False
rpcrt4.dll 0x7fefe440000 0x7fefe56cfff Memory Mapped File Readable, Writable, Executable False False False
ole32.dll 0x7fefe570000 0x7fefe772fff Memory Mapped File Readable, Writable, Executable False False False
advapi32.dll 0x7fefe780000 0x7fefe85afff Memory Mapped File Readable, Writable, Executable False False False
msctf.dll 0x7fefe860000 0x7fefe968fff Memory Mapped File Readable, Writable, Executable False False False
msvcrt.dll 0x7fefe970000 0x7fefea0efff Memory Mapped File Readable, Writable, Executable False False False
oleaut32.dll 0x7fefea10000 0x7fefeae6fff Memory Mapped File Readable, Writable, Executable False False False
lpk.dll 0x7fefeaf0000 0x7fefeafdfff Memory Mapped File Readable, Writable, Executable False False False
gdi32.dll 0x7fefeb00000 0x7fefeb66fff Memory Mapped File Readable, Writable, Executable False False False
shlwapi.dll 0x7fefeb70000 0x7fefebe0fff Memory Mapped File Readable, Writable, Executable False False False
usp10.dll 0x7fefec10000 0x7fefecd8fff Memory Mapped File Readable, Writable, Executable False False False
imm32.dll 0x7fefeec0000 0x7fefeeedfff Memory Mapped File Readable, Writable, Executable False False False
nsi.dll 0x7fefeef0000 0x7fefeef7fff Memory Mapped File Readable, Writable, Executable False False False
sechost.dll 0x7fefef00000 0x7fefef1efff Memory Mapped File Readable, Writable, Executable False False False
wininet.dll 0x7fefef20000 0x7feff049fff Memory Mapped File Readable, Writable, Executable False False False
ws2_32.dll 0x7feff050000 0x7feff09cfff Memory Mapped File Readable, Writable, Executable False False False
apisetschema.dll 0x7feff0b0000 0x7feff0b0fff Memory Mapped File Readable, Writable, Executable False False False
private_0x000007fffffa0000 0x7fffffa0000 0x7fffffa1fff Private Memory Readable, Writable True True False
private_0x000007fffffa2000 0x7fffffa2000 0x7fffffa3fff Private Memory Readable, Writable True True False
private_0x000007fffffa4000 0x7fffffa4000 0x7fffffa5fff Private Memory Readable, Writable True True False
private_0x000007fffffa6000 0x7fffffa6000 0x7fffffa7fff Private Memory Readable, Writable True True False
private_0x000007fffffa8000 0x7fffffa8000 0x7fffffa9fff Private Memory Readable, Writable True True False
private_0x000007fffffaa000 0x7fffffaa000 0x7fffffabfff Private Memory Readable, Writable True True False
private_0x000007fffffac000 0x7fffffac000 0x7fffffadfff Private Memory Readable, Writable True True False
private_0x000007fffffae000 0x7fffffae000 0x7fffffaffff Private Memory Readable, Writable True True False
pagefile_0x000007fffffb0000 0x7fffffb0000 0x7fffffd2fff Pagefile Backed Memory Readable True False False
private_0x000007fffffd3000 0x7fffffd3000 0x7fffffd4fff Private Memory Readable, Writable True True False
private_0x000007fffffd5000 0x7fffffd5000 0x7fffffd6fff Private Memory Readable, Writable True True False
private_0x000007fffffd7000 0x7fffffd7000 0x7fffffd7fff Private Memory Readable, Writable True True False
private_0x000007fffffd8000 0x7fffffd8000 0x7fffffd9fff Private Memory Readable, Writable True True False
private_0x000007fffffda000 0x7fffffda000 0x7fffffdbfff Private Memory Readable, Writable True True False
private_0x000007fffffdc000 0x7fffffdc000 0x7fffffddfff Private Memory Readable, Writable True True False
private_0x000007fffffde000 0x7fffffde000 0x7fffffdffff Private Memory Readable, Writable True True False
For performance reasons, the remaining 52 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match
c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe 505.50 KB (517632 bytes) MD5: 39dbb6858f88f7059a28700384c4d0f3, SHA1: fabec36aedbccf2c7a5b0c0e7e8ec7ea64a6a505, SHA256: dc83d603a4589aa8397aba960b132fc7cae24cd7bca4d252616aac2c11beb6f6 False
Host Behavior
COM (8)
Operation Class Interface Additional Information Success Count
Create F414C260-6AC0-11CF-B6D1-00AA00BBBB58 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Create 00000323-0000-0000-C000-000000000046 00000146-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER True 1
Create 6C736DB1-BD94-11D0-8A23-00AA00B58E10 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8 cls_context = CLSCTX_INPROC_SERVER True 1
Create 06290BD1-48AA-11D2-8432-006008C3FBFC E4D1C9B0-46E8-11D4-A2A6-00104BD35090 cls_context = CLSCTX_INPROC_SERVER True 1
Create WScript.Shell IClassFactory cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER False 1
Create MSXML2.XMLHTTP IClassFactory cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Create ADODB.Stream IClassFactory cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Execute MSXML2.XMLHTTP IDispatch method_name = Open True 1
File (8)
Operation Filename Additional Information Success Count
Create C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5P5NRG~1\AppData\Local\Temp/pST790mv.exe - True 1
Get Info C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS type = size True 1
Get Info C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS type = size True 1
Open STD_OUTPUT_HANDLE - True 1
Read C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS size = 7318, size_out = 7318 True 1
Write STD_OUTPUT_HANDLE size = 108 True 1
Write C:\Users\5P5NRG~1\AppData\Local\Temp/pST790mv.exe size = 517632 True 1
Registry (30)
Operation Key Additional Information Success Count
Create Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 2
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 2
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings - True 1
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings - True 1
Open Key HKEY_CLASSES_ROOT\.JS - True 1
Open Key HKEY_CLASSES_ROOT\JSFile\ScriptEngine - True 1
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features - False 1
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 - True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 1, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 1, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Enabled, data = 1, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 192, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 0, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = TrustPolicy, data = 192, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 192, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = Timeout, data = 192, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Read Value HKEY_CLASSES_ROOT\.JS data = JSFile, type = REG_SZ True 1
Read Value HKEY_CLASSES_ROOT\JSFile\ScriptEngine data = JScript, type = REG_SZ True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 value_name = COM+Enabled, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Process (1)
Operation Process Additional Information Success Count
Create C:\Users\5P5NRG~1\AppData\Local\Temp/pST790mv.exe show_window = SW_HIDE True 1
Module (30)
Operation Module Additional Information Success Count
Load kernel32.dll base_address = 0x76c70000 True 2
Load ADVAPI32.dll base_address = 0x7fefe780000 True 1
Load ole32.dll base_address = 0x7fefe570000 True 1
Load C:\Windows\system32\advapi32.dll base_address = 0x7fefe780000 True 1
Load shell32.dll base_address = 0x7fefd450000 True 1
Get Handle c:\windows\system32\cscript.exe base_address = 0xffa20000 True 2
Get Handle c:\windows\system32\ole32.dll base_address = 0x7fefe570000 True 2
Get Filename c:\windows\system32\cscript.exe process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 True 1
Get Filename - process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 260 True 1
Get Filename - process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 True 1
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76c86d40 True 1
Get Address c:\windows\system32\kernel32.dll function = HeapSetInformation, address_out = 0x76c8c4a0 True 1
Get Address c:\windows\system32\advapi32.dll function = RegisterTraceGuidsA, address_out = 0x76daf570 True 1
Get Address c:\windows\system32\advapi32.dll function = RegOpenKeyExA, address_out = 0x7fefe79b5f0 True 1
Get Address c:\windows\system32\advapi32.dll function = RegQueryValueExA, address_out = 0x7fefe79c480 True 1
Get Address c:\windows\system32\advapi32.dll function = RegCloseKey, address_out = 0x7fefe7a0710 True 1
Get Address c:\windows\system32\ole32.dll function = CoGetObjectContext, address_out = 0x7fefe58c920 True 1
Get Address c:\windows\system32\ole32.dll function = CoCreateInstance, address_out = 0x7fefe597490 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferIdentifyLevel, address_out = 0x7fefe79e470 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferComputeTokenFromLevel, address_out = 0x7fefe79f9b0 True 1
Get Address c:\windows\system32\advapi32.dll function = SaferCloseLevel, address_out = 0x7fefe79f660 True 1
Get Address c:\windows\system32\ole32.dll function = CLSIDFromProgIDEx, address_out = 0x7fefe58a4c4 True 1
Get Address c:\windows\system32\ole32.dll function = CoGetClassObject, address_out = 0x7fefe5a2e18 True 1
Get Address c:\windows\system32\cscript.exe function = 1, address_out = 0xffa21a60 True 1
Get Address c:\windows\system32\shell32.dll function = ShellExecuteExW, address_out = 0x7fefd477c70 True 1
Create Mapping C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS filename = C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS, protection = PAGE_READONLY, maximum_size = 7318 True 1
Map C:\Users\5P5NRG~1\Desktop\MYOBSU~1.JS process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Window (1)
Operation Window Name Additional Information Success Count
Create - class_name = WSH-Timer, wndproc_parameter = 2840848 True 1
System (175)
Operation Additional Information Success Count
Sleep duration = -1 (infinite) True 2
Get Time type = System Time, time = 1627-01-20 17:42:50 (UTC) True 4
Get Time type = Ticks, time = 79170 True 1
Get Time type = Ticks, time = 79482 True 1
Get Time type = Ticks, time = 79498 True 2
Get Time type = Ticks, time = 79685 True 1
Get Time type = Ticks, time = 79700 True 1
Get Time type = System Time, time = 2017-11-07 19:24:20 (UTC) True 1
Get Time type = Ticks, time = 79794 True 1
Get Time type = Ticks, time = 79810 True 35
Get Time type = Ticks, time = 79825 True 11
Get Time type = Ticks, time = 79841 True 6
Get Time type = Ticks, time = 79856 True 5
Get Time type = Ticks, time = 79872 True 2
Get Time type = Ticks, time = 79888 True 4
Get Time type = Ticks, time = 79903 True 2
Get Time type = Ticks, time = 79919 True 4
Get Time type = Ticks, time = 79934 True 2
Get Time type = Ticks, time = 79950 True 2
Get Time type = Ticks, time = 79966 True 1
Get Time type = Ticks, time = 79981 True 3
Get Time type = Ticks, time = 79997 True 1
Get Time type = Ticks, time = 80012 True 3
Get Time type = Ticks, time = 80028 True 3
Get Time type = Ticks, time = 80044 True 3
Get Time type = Ticks, time = 80075 True 2
Get Time type = Ticks, time = 80106 True 2
Get Time type = Ticks, time = 80122 True 1
Get Time type = Ticks, time = 80137 True 1
Get Time type = Ticks, time = 80153 True 1
Get Time type = Ticks, time = 80168 True 1
Get Time type = Ticks, time = 80184 True 1
Get Time type = Ticks, time = 80215 True 1
Get Time type = Ticks, time = 80231 True 1
Get Time type = Ticks, time = 80246 True 2
Get Time type = Ticks, time = 80262 True 2
Get Time type = Ticks, time = 80278 True 1
Get Time type = Ticks, time = 80324 True 1
Get Time type = Ticks, time = 80356 True 1
Get Time type = Ticks, time = 80387 True 1
Get Time type = Ticks, time = 80418 True 1
Get Time type = Ticks, time = 80449 True 1
Get Time type = Ticks, time = 80480 True 1
Get Time type = Ticks, time = 80512 True 1
Get Time type = Ticks, time = 80543 True 1
Get Time type = Ticks, time = 80574 True 1
Get Time type = Ticks, time = 80605 True 1
Get Time type = Ticks, time = 80636 True 1
Get Time type = Ticks, time = 80683 True 1
Get Time type = Ticks, time = 80714 True 1
Get Time type = Ticks, time = 80761 True 1
Get Time type = Ticks, time = 80808 True 1
Get Time type = Ticks, time = 80839 True 1
Get Time type = Ticks, time = 80948 True 1
Get Time type = Ticks, time = 81089 True 1
Get Time type = Ticks, time = 81182 True 1
Get Time type = Ticks, time = 81260 True 1
Get Time type = Ticks, time = 81354 True 1
Get Time type = Ticks, time = 81416 True 1
Get Time type = Ticks, time = 81479 True 1
Get Time type = Ticks, time = 81557 True 1
Get Time type = Ticks, time = 81619 True 1
Get Time type = Ticks, time = 81697 True 1
Get Time type = Ticks, time = 81760 True 1
Get Time type = Ticks, time = 81838 True 1
Get Time type = Ticks, time = 81916 True 1
Get Time type = Ticks, time = 81978 True 1
Get Time type = Ticks, time = 82056 True 1
Get Time type = Ticks, time = 82134 True 1
Get Time type = Ticks, time = 82228 True 1
Get Time type = Ticks, time = 82462 True 1
Get Time type = Ticks, time = 82618 True 1
Get Time type = Ticks, time = 82789 True 1
Get Time type = Ticks, time = 82961 True 1
Get Time type = Ticks, time = 83210 True 1
Get Time type = Ticks, time = 83382 True 1
Get Time type = Ticks, time = 83460 True 1
Get Time type = Ticks, time = 83491 True 1
Get Time type = Ticks, time = 83507 True 1
Get Time type = Ticks, time = 83522 True 1
Get Time type = System Time, time = 1627-01-20 17:42:54 (UTC) True 1
Get Time type = Ticks, time = 83585 True 1
Get Time type = Ticks, time = 99606 True 1
Get Time type = Ticks, time = 99653 True 1
Get Time type = Ticks, time = 99731 True 1
Get Time type = Ticks, time = 99762 True 1
Get Info type = Operating System False 5
Get Info type = Operating System True 1
Get Info type = System Directory True 1
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Get Info type = Hardware Information True 1
Environment (1)
Operation Additional Information Success Count Logfile
Get Environment String name = JS_PROFILER False 1
Fn
Network Behavior
HTTP Sessions (1)
Information Value
Total Data Sent 0.52 KB (533 bytes)
Total Data Received 505.50 KB (517635 bytes)
Contacted Host Count 1
Contacted Hosts moranaccountants-my.sharepoint.com
HTTP Session #1
Information Value
Used COM interface MSXML2.XMLHTTP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name moranaccountants-my.sharepoint.com
Server Port 443
Data Sent 0.52 KB (533 bytes)
Data Received 505.50 KB (517635 bytes)
Operations
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = https, server_name = moranaccountants-my.sharepoint.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx True 1
Fn
Send HTTP Request url = https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09 True 1
Fn
Read Response size_out = 3, data = MZ True 1
Fn
Read Response size_out = 517632 True 1
Fn
Data
Process #3: pst790mv.exe
(Host: 1857, Network: 145)
Information Value
ID #3
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:35, Reason: Child Process
Unmonitor End Time: 00:10:13, Reason: Terminated by Timeout
Monitor Duration 00:09:38
OS Process Information
Information Value
PID 0xaa8
Parent PID 0x9a8 (c:\windows\system32\cscript.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups
  • XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001076e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xAAC, 0xAB4, 0xAB8, 0xABC, 0xAC0, 0xAC4, 0xAC8, 0xACC, 0xAD0, 0xAD4, 0xAD8, 0xADC, 0x5B0, 0x834
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000000020000 0x00020000 0x0002ffff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True True False
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory Readable, Writable True False False
private_0x0000000000090000 0x00090000 0x0018ffff Private Memory Readable, Writable True False False
pagefile_0x0000000000190000 0x00190000 0x00193fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000001a0000 0x001a0000 0x001a0fff Pagefile Backed Memory Readable True False False
locale.nls 0x001b0000 0x00216fff Memory Mapped File Readable False False False
private_0x0000000000220000 0x00220000 0x00220fff Private Memory Readable, Writable True True False
private_0x0000000000230000 0x00230000 0x002affff Private Memory Readable, Writable True True False
pagefile_0x00000000002b0000 0x002b0000 0x002b6fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000002c0000 0x002c0000 0x002c1fff Pagefile Backed Memory Readable, Writable True False False
oleaccrc.dll 0x002d0000 0x002d0fff Memory Mapped File Readable False False False
private_0x00000000002e0000 0x002e0000 0x002e1fff Private Memory Readable, Writable True True False
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory Readable, Writable True True False
pagefile_0x0000000000300000 0x00300000 0x00300fff Pagefile Backed Memory Readable True False False
private_0x0000000000310000 0x00310000 0x0034ffff Private Memory Readable, Writable True False False
private_0x0000000000350000 0x00350000 0x003cffff Private Memory Readable, Writable True True False
pagefile_0x00000000003d0000 0x003d0000 0x00557fff Pagefile Backed Memory Readable True False False
private_0x0000000000560000 0x00560000 0x00560fff Private Memory Readable, Writable, Executable True True False
private_0x0000000000560000 0x00560000 0x00560fff Private Memory Readable, Writable True True False
private_0x0000000000570000 0x00570000 0x0066ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000670000 0x00670000 0x007f0fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000800000 0x00800000 0x01bfffff Pagefile Backed Memory Readable True False False
private_0x0000000001c00000 0x01c00000 0x01c3ffff Private Memory Readable, Writable True False False
rsaenh.dll 0x01c40000 0x01c7bfff Memory Mapped File Readable False False False
rsaenh.dll 0x01c40000 0x01c7bfff Memory Mapped File Readable False False False
pagefile_0x0000000001c40000 0x01c40000 0x01c40fff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000001c50000 0x01c50000 0x01c8ffff Private Memory Readable, Writable True False False
private_0x0000000001c90000 0x01c90000 0x01c9ffff Private Memory Readable, Writable True True False
private_0x0000000001c90000 0x01c90000 0x01c98fff Private Memory Readable, Writable, Executable True True False
private_0x0000000001c90000 0x01c90000 0x01c99fff Private Memory Readable, Writable, Executable True True False
private_0x0000000001cb0000 0x01cb0000 0x01ceffff Private Memory Readable, Writable True True False
pagefile_0x0000000001cf0000 0x01cf0000 0x020e2fff Pagefile Backed Memory Readable True False False
private_0x00000000020f0000 0x020f0000 0x021bffff Private Memory Readable, Writable True True False
private_0x00000000020f0000 0x020f0000 0x02170fff Private Memory Readable, Writable True True False
private_0x0000000002180000 0x02180000 0x021bffff Private Memory Readable, Writable True True False
private_0x00000000021c0000 0x021c0000 0x021fffff Private Memory Readable, Writable True False False
private_0x0000000002210000 0x02210000 0x0221ffff Private Memory Readable, Writable True True False
pagefile_0x0000000002220000 0x02220000 0x022fefff Pagefile Backed Memory Readable True False False
private_0x0000000002300000 0x02300000 0x023fffff Private Memory Readable, Writable True False False
private_0x0000000002400000 0x02400000 0x024fffff Private Memory Readable, Writable True False False
private_0x0000000002500000 0x02500000 0x025fffff Private Memory Readable, Writable True True False
private_0x0000000002600000 0x02600000 0x026fffff Private Memory Readable, Writable True True False
private_0x0000000002700000 0x02700000 0x02790fff Private Memory Readable, Writable True True False
private_0x00000000027b0000 0x027b0000 0x02881fff Private Memory Readable, Writable, Executable True True False
sortdefault.nls 0x02890000 0x02b5efff Memory Mapped File Readable False False False
private_0x0000000002b60000 0x02b60000 0x02c5ffff Private Memory Readable, Writable True True False
private_0x0000000002c60000 0x02c60000 0x02e5ffff Private Memory Readable, Writable True True False
private_0x0000000002e60000 0x02e60000 0x02fe8fff Private Memory Readable, Writable True True False
private_0x0000000002ff0000 0x02ff0000 0x043f0fff Private Memory Readable, Writable True False False
private_0x0000000004400000 0x04400000 0x04500fff Private Memory Readable, Writable True True False
private_0x0000000004510000 0x04510000 0x04600fff Private Memory Readable, Writable True True False
private_0x0000000004610000 0x04610000 0x04720fff Private Memory Readable, Writable True True False
private_0x0000000004730000 0x04730000 0x048b0fff Private Memory Readable, Writable True True False
private_0x00000000048c0000 0x048c0000 0x049c0fff Private Memory Readable, Writable True True False
private_0x00000000049d0000 0x049d0000 0x04dcffff Private Memory Readable, Writable True True False
private_0x0000000004dd0000 0x04dd0000 0x04e45fff Private Memory Readable, Writable, Executable True True False
private_0x0000000004e50000 0x04e50000 0x0506ffff Private Memory Readable, Writable True True False
private_0x0000000004e50000 0x04e50000 0x04ec5fff Private Memory Readable, Writable True True False
private_0x0000000004ed0000 0x04ed0000 0x04fcffff Private Memory Readable, Writable True False False
private_0x0000000004fd0000 0x04fd0000 0x0501ffff Private Memory Readable, Writable True True False
private_0x0000000004fe0000 0x04fe0000 0x0501ffff Private Memory Readable, Writable True True False
private_0x0000000005030000 0x05030000 0x0506ffff Private Memory Readable, Writable True True False
private_0x0000000005070000 0x05070000 0x0516ffff Private Memory Readable, Writable True False False
private_0x0000000005170000 0x05170000 0x051affff Private Memory Readable, Writable True False False
private_0x00000000051b0000 0x051b0000 0x052affff Private Memory Readable, Writable True False False
private_0x00000000052b0000 0x052b0000 0x052effff Private Memory Readable, Writable True False False
private_0x00000000052f0000 0x052f0000 0x053effff Private Memory Readable, Writable True False False
private_0x0000000005870000 0x05870000 0x058affff Private Memory Readable, Writable True True False
private_0x00000000058c0000 0x058c0000 0x058fffff Private Memory Readable, Writable True True False
private_0x0000000005900000 0x05900000 0x059fffff Private Memory Readable, Writable True True False
private_0x0000000005a00000 0x05a00000 0x05bfffff Private Memory Readable, Writable True True False
private_0x0000000005c00000 0x05c00000 0x05c80fff Private Memory Readable, Writable True True False
pst790mv.exe 0x10000000 0x10082fff Memory Mapped File Readable, Writable, Executable True False False
wshtcpip.dll 0x740d0000 0x740d4fff Memory Mapped File Readable, Writable, Executable False False False
mswsock.dll 0x740e0000 0x7411bfff Memory Mapped File Readable, Writable, Executable False False False
srvcli.dll 0x74120000 0x74138fff Memory Mapped File Readable, Writable, Executable False False False
netapi32.dll 0x74140000 0x74150fff Memory Mapped File Readable, Writable, Executable False False False
gdiplus.dll 0x74160000 0x742effff Memory Mapped File Readable, Writable, Executable False False False
webio.dll 0x742f0000 0x7433efff Memory Mapped File Readable, Writable, Executable False False False
winhttp.dll 0x74340000 0x74397fff Memory Mapped File Readable, Writable, Executable False False False
dnsapi.dll 0x743a0000 0x743e3fff Memory Mapped File Readable, Writable, Executable False False False
dwmapi.dll 0x743f0000 0x74402fff Memory Mapped File Readable, Writable, Executable False False False
uxtheme.dll 0x74410000 0x7448ffff Memory Mapped File Readable, Writable, Executable False False False
wow64cpu.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False
wow64win.dll 0x744b0000 0x7450bfff Memory Mapped File Readable, Writable, Executable False False False
wow64.dll 0x74510000 0x7454efff Memory Mapped File Readable, Writable, Executable False False False
rsaenh.dll 0x74550000 0x7458afff Memory Mapped File Readable, Writable, Executable False False False
cryptsp.dll 0x74590000 0x745a5fff Memory Mapped File Readable, Writable, Executable False False False
netutils.dll 0x745b0000 0x745b8fff Memory Mapped File Readable, Writable, Executable False False False
cscapi.dll 0x745c0000 0x745cafff Memory Mapped File Readable, Writable, Executable False False False
wkscli.dll 0x745d0000 0x745defff Memory Mapped File Readable, Writable, Executable False False False
davhlpr.dll 0x745e0000 0x745e7fff Memory Mapped File Readable, Writable, Executable False False False
davclnt.dll 0x745f0000 0x74606fff Memory Mapped File Readable, Writable, Executable False False False
ntlanman.dll 0x74610000 0x74623fff Memory Mapped File Readable, Writable, Executable False False False
winsta.dll 0x74630000 0x74658fff Memory Mapped File Readable, Writable, Executable False False False
drprov.dll 0x74660000 0x74667fff Memory Mapped File Readable, Writable, Executable False False False
winnsi.dll 0x74670000 0x74676fff Memory Mapped File Readable, Writable, Executable False False False
iphlpapi.dll 0x74680000 0x7469bfff Memory Mapped File Readable, Writable, Executable False False False
traffic.dll 0x746a0000 0x746aafff Memory Mapped File Readable, Writable, Executable False False False
wtsapi32.dll 0x746b0000 0x746bcfff Memory Mapped File Readable, Writable, Executable False False False
oleacc.dll 0x746c0000 0x746fbfff Memory Mapped File Readable, Writable, Executable False False False
dciman32.dll 0x74700000 0x74705fff Memory Mapped File Readable, Writable, Executable False False False
ddraw.dll 0x74710000 0x747f6fff Memory Mapped File Readable, Writable, Executable False False False
glu32.dll 0x74800000 0x74821fff Memory Mapped File Readable, Writable, Executable False False False
opengl32.dll 0x74830000 0x748f7fff Memory Mapped File Readable, Writable, Executable False False False
pdh.dll 0x74900000 0x7493bfff Memory Mapped File Readable, Writable, Executable False False False
winmm.dll 0x74940000 0x74971fff Memory Mapped File Readable, Writable, Executable False False False
msacm32.dll 0x74980000 0x74993fff Memory Mapped File Readable, Writable, Executable False False False
mpr.dll 0x749a0000 0x749b1fff Memory Mapped File Readable, Writable, Executable False False False
cryptbase.dll 0x74ac0000 0x74acbfff Memory Mapped File Readable, Writable, Executable False False False
sspicli.dll 0x74ad0000 0x74b2ffff Memory Mapped File Readable, Writable, Executable False False False
imm32.dll 0x74b30000 0x74b8ffff Memory Mapped File Readable, Writable, Executable False False False
psapi.dll 0x74c90000 0x74c94fff Memory Mapped File Readable, Writable, Executable False False False
user32.dll 0x74ca0000 0x74d9ffff Memory Mapped File Readable, Writable, Executable False False False
lpk.dll 0x74da0000 0x74da9fff Memory Mapped File Readable, Writable, Executable False False False
msctf.dll 0x74db0000 0x74e7bfff Memory Mapped File Readable, Writable, Executable False False False
sechost.dll 0x74e80000 0x74e98fff Memory Mapped File Readable, Writable, Executable False False False
advapi32.dll 0x74ea0000 0x74f3ffff Memory Mapped File Readable, Writable, Executable False False False
shell32.dll 0x74f40000 0x75b89fff Memory Mapped File Readable, Writable, Executable False False False
rpcrt4.dll 0x75ee0000 0x75fcffff Memory Mapped File Readable, Writable, Executable False False False
nsi.dll 0x75fd0000 0x75fd5fff Memory Mapped File Readable, Writable, Executable False False False
oleaut32.dll 0x75fe0000 0x7606efff Memory Mapped File Readable, Writable, Executable False False False
shlwapi.dll 0x76070000 0x760c6fff Memory Mapped File Readable, Writable, Executable False False False
crypt32.dll 0x760d0000 0x761ecfff Memory Mapped File Readable, Writable, Executable False False False
devobj.dll 0x762d0000 0x762e1fff Memory Mapped File Readable, Writable, Executable False False False
ws2_32.dll 0x762f0000 0x76324fff Memory Mapped File Readable, Writable, Executable False False False
cfgmgr32.dll 0x763c0000 0x763e6fff Memory Mapped File Readable, Writable, Executable False False False
gdi32.dll 0x763f0000 0x7647ffff Memory Mapped File Readable, Writable, Executable False False False
usp10.dll 0x76510000 0x765acfff Memory Mapped File Readable, Writable, Executable False False False
kernelbase.dll 0x765b0000 0x765f5fff Memory Mapped File Readable, Writable, Executable False False False
kernel32.dll 0x76600000 0x7670ffff Memory Mapped File Readable, Writable, Executable False False False
ole32.dll 0x76710000 0x7686bfff Memory Mapped File Readable, Writable, Executable False False False
setupapi.dll 0x768a0000 0x76a3cfff Memory Mapped File Readable, Writable, Executable False False False
msvcrt.dll 0x76a40000 0x76aebfff Memory Mapped File Readable, Writable, Executable False False False
private_0x0000000076b70000 0x76b70000 0x76c69fff Private Memory Readable, Writable, Executable True False False
private_0x0000000076c70000 0x76c70000 0x76d8efff Private Memory Readable, Writable, Executable True False False
ntdll.dll 0x76d90000 0x76f38fff Memory Mapped File Readable, Writable, Executable False False False
msasn1.dll 0x76f40000 0x76f4bfff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x76f70000 0x770effff Memory Mapped File Readable, Writable, Executable False False False
private_0x000000007ef38000 0x7ef38000 0x7ef3afff Private Memory Readable, Writable True True False
private_0x000000007ef38000 0x7ef38000 0x7ef3afff Private Memory Readable, Writable True True False
private_0x000000007ef3b000 0x7ef3b000 0x7ef3dfff Private Memory Readable, Writable True True False
private_0x000000007ef3e000 0x7ef3e000 0x7ef40fff Private Memory Readable, Writable True True False
private_0x000000007ef41000 0x7ef41000 0x7ef43fff Private Memory Readable, Writable True True False
private_0x000000007ef44000 0x7ef44000 0x7ef46fff Private Memory Readable, Writable True True False
private_0x000000007ef47000 0x7ef47000 0x7ef49fff Private Memory Readable, Writable True True False
private_0x000000007ef4a000 0x7ef4a000 0x7ef4cfff Private Memory Readable, Writable True True False
private_0x000000007ef4d000 0x7ef4d000 0x7ef4ffff Private Memory Readable, Writable True True False
private_0x000000007ef50000 0x7ef50000 0x7efaffff Private Memory Readable, Writable True True False
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory Readable, Writable True True False
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True True False
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True True False
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True True False
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True True False
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False
For performance reasons, the remaining 24 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.33 KB (336 bytes) MD5: 7c71ee83af910dec760c54b96ae19f9a
SHA1: ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8
SHA256: 33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.33 KB (336 bytes) MD5: 7c71ee83af910dec760c54b96ae19f9a
SHA1: ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8
SHA256: 33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.38 KB (384 bytes) MD5: f7b1337a85bf965b4b8ab67d65ec26c3
SHA1: 79670586cdfc33f738677af4da640abcbc308743
SHA256: 80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.38 KB (384 bytes) MD5: f7b1337a85bf965b4b8ab67d65ec26c3
SHA1: 79670586cdfc33f738677af4da640abcbc308743
SHA256: 80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.36 KB (368 bytes) MD5: 39b7c9d83ee86f07436876987f6bf5b3
SHA1: 1892bd53396dbf427c13c63c22be20630d7c614f
SHA256: 376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.36 KB (368 bytes) MD5: 39b7c9d83ee86f07436876987f6bf5b3
SHA1: 1892bd53396dbf427c13c63c22be20630d7c614f
SHA256: 376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.44 KB (448 bytes) MD5: bbd299bace19431a912dceadba1d4683
SHA1: 99388285449acf2c01cde866d921270a0e708484
SHA256: 414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.44 KB (448 bytes) MD5: bbd299bace19431a912dceadba1d4683
SHA1: 99388285449acf2c01cde866d921270a0e708484
SHA256: 414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.58 KB (592 bytes) MD5: 29040b560ca4c807bd187e4a070be64a
SHA1: 558a339dacdce5b3c05e950712b856e57bc218e2
SHA256: bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.58 KB (592 bytes) MD5: 29040b560ca4c807bd187e4a070be64a
SHA1: 558a339dacdce5b3c05e950712b856e57bc218e2
SHA256: bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp 0.61 KB (624 bytes) MD5: 96de3dad77a9333b3941edcf97763093
SHA1: f89776d007f38a71ae967afa9006611704630e59
SHA256: a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.61 KB (624 bytes) MD5: 96de3dad77a9333b3941edcf97763093
SHA1: f89776d007f38a71ae967afa9006611704630e59
SHA256: a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0
False
c:\windows\tasks\407dad5a-b5c6-4985-9878-a37532f9a55f.job 0.49 KB (504 bytes) MD5: 103b6c9ab3452427fab5839ea9ca1270
SHA1: afa53dd55fb041a1561da10d726663ba34f62ed8
SHA256: 912fc888e36f94b7be9216aacd71817489db4b37c44ba27ad64b08c0b7034e79
False
c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat 0.03 KB (32 bytes) MD5: c18642c37123dd9520efa18db227cba1
SHA1: 961fe841ad06e3d18495ecd3c7c1f90250f4363a
SHA256: 4d4c440ee23a5e4a5c03928c7085c8bcea0d3b8d78c53c9e03970152064c83ce
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.73 KB (752 bytes) MD5: 4f1cd6376847e04626ed1f864b6d83c6
SHA1: 58bba1d3e7b4e9f751937b584c8869689f2bd76a
SHA256: 2d4db92a8f4db77980ffc53b50440cfa158e237dcae23f758fbcadc1e813309d
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.75 KB (768 bytes) MD5: 2124dedcce45e017b2b52ceea067f908
SHA1: b2ef626c65632a0e2cf8672e8a1b935970cfe9b5
SHA256: ff889ae413ec5a3f93750c59fd587b46849a1046ab401698507ff1fe2b9ffb0c
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.78 KB (800 bytes) MD5: d2907d752b69c6654c839ea5186f8991
SHA1: 040859a0b7a8d960957057fb46de31ac1efbbf60
SHA256: 16d95ef314aa437c57296fb044c62b8866b1988883de2e061d2905e961fcd726
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.81 KB (832 bytes) MD5: 00642690ded7bb60887302ae669d3594
SHA1: c7d1b92ee49ef4af1a217e3f714966d0e429feeb
SHA256: e81d72ecc715998879b1c65bbc11852f4e2b36b5e409e301df146c5dfd46fe69
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.84 KB (864 bytes) MD5: 2fcabfa8f45e908bdd322512d97af55c
SHA1: bc870d783d89b1dfe87dfe83572cbbe0d9d51373
SHA256: 74a7a900be85839c0cca0a5afca690aaa0d3c359886e87983a4af890680effb7
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 0.86 KB (880 bytes) MD5: 05d9c03b1d498b1ed988482850ce1d27
SHA1: 75a080f4c54005703fd524c4a6b4272941d3d110
SHA256: ea6250d4e68955c06ff481da3fa354653dbb4417867e338861f04fc439716849
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 1.00 KB (1024 bytes) MD5: 59b0194db8f7ab4b531fe53c5d318861
SHA1: 27b7876c04a3d91007cb6b2d127a66613ebdc1df
SHA256: 832baecc09332b754abdb3b3d3a7f32e19bfb533ad6d2cca49b86a8092861b2e
False
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat 1.06 KB (1088 bytes) MD5: fc2d4c590d9c78b2f8bb25fb284ca97f
SHA1: 591fe8f17424e2284e0c893f1d4e213c47a400a1
SHA256: 0e6a06ecd934e0c6a62c59e13dd5bee3f4cb279f6767c7d5488b14ce8f8ad4c4
False
Modified Files
Filename File Size Hash Values YARA Match Actions
c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll 133.00 KB (136192 bytes) MD5: ca98762b43ad6d6e4147089cae636fd5
SHA1: a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a
SHA256: d36bca25ec22d09410b4432fcc65fca29ac1101953dabd8be67598e8bb603210
False
Host Behavior
COM (1)
Operation Class Interface Additional Information Success Count Logfile
Create 148BD52A-A2AB-11CE-B11F-00AA00530503 148BD527-A2AB-11CE-B11F-00AA00530503 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
File (561)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 2
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 2
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\8054e6dc-e4db-4147-9938-ada26bf04150\38e5d161-f6c8-43ba-9fe8-f1301b7b08b6 desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create \\.\NPF_NdisWanIp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
Create C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE True 1
Fn
Create Directory C: - False 1
Fn
Create Directory C:\Users - False 1
Fn
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz - False 1
Fn
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData - False 1
Fn
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local - False 1
Fn
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4 - True 1
Fn
Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\8054e6dc-e4db-4147-9938-ada26bf04150 - True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 16
Fn
Create Pipe Anonymous read pipe size = 0 True 16
Fn
Create Pipe \device\namedpipe\d598dec5-4d80-43a6-a70a-9b525cd42b6e open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_FIRST_PIPE_INSTANCE, FILE_FLAG_OVERLAPPED, max_instances = 1 True 1
Fn
Create Pipe \device\namedpipe\809be9fc-4888-4de2-b082-6bb25f3a1fee open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_FIRST_PIPE_INSTANCE, FILE_FLAG_OVERLAPPED, max_instances = 1 True 1
Fn
Get Info - type = time True 1
Fn
Get Info STD_OUTPUT_HANDLE type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info - type = time True 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\crash_flag type = file_attributes False 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\transport type = file_attributes False 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe type = size True 1
Fn
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat type = file_attributes True 1
Fn
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 2
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Open - - False 93
Fn
Open - - True 7
Fn
Copy C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp True 16
Fn
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe size = 517632, size_out = 517632 True 1
Fn
Data
Read - size = 4096 False 110
Fn
Read - size = 4096 True 169
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 336 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 384 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 368 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 448 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 592 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp size = 624 True 1
Fn
Data
Write - size = 12 False 2
Fn
Write - size = 12 True 2
Fn
Write - size = 3924 True 1
Fn
Write - size = 8 True 1
Fn
Write - size = 56 True 1
Fn
Write - size = 44 True 35
Fn
Write - size = 1024 True 1
Fn
Data
Write - size = 39 True 1
Fn
Write C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat size = 32 True 1
Fn
Data
Write C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat size = 483328 True 1
Fn
Data
Write C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll size = 136192 True 1
Fn
Data
Write C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll size = 8704 True 1
Fn
Data
Write C:\ProgramData\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll size = 178 True 1
Fn
Data
Write - size = 159 True 1
Fn
Write - size = 62 True 1
Fn
Write - size = 65 True 1
Fn
Write - size = 66 True 1
Fn
Write - size = 59 True 1
Fn
Write - size = 183 True 1
Fn
Write - size = 98 True 1
Fn
Write - size = 48 True 1
Fn
Write - size = 43 True 1
Fn
Registry (444)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = CurrentMajorVersionNumber, data = 0 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = CurrentVersion, data = 54 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 87 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = CSDVersion, data = 83 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion value_name = CurrentBuildNumber, data = 55 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = VendorIdentifier, data = 71 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ~MHz, data = 16 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin value_name = DisplayName, data = 65 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome value_name = DisplayName, data = 71 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC value_name = DisplayName, type = REG_NONE False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} value_name = DisplayName, data = 74 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} value_name = DisplayName, data = 74 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} value_name = DisplayName, data = 65 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 value_name = DisplayName, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} value_name = DisplayName, data = 77 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} value_name = DisplayName, data = 0, type = REG_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} value_name = DisplayName, data = 77 True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 2
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - False 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Fn
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - True 1
Enumerate Keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall - False 1
Process (253)
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\dllhost.exe os_pid = 0x474, creation_flags = CREATE_SUSPENDED, startup_flags = STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE True 1
Create C:\Windows\system32\dllhost.exe os_pid = 0x4bc, creation_flags = CREATE_SUSPENDED, startup_flags = STARTF_FORCEOFFFEEDBACK, show_window = SW_HIDE True 1
Open System desired_access = PROCESS_DUP_HANDLE False 249
Terminate C:\Windows\system32\dllhost.exe exit_code = 10 True 1
Terminate C:\Windows\system32\dllhost.exe exit_code = 10 True 1
Thread (6)
Operation Process Additional Information Success Count Logfile
Get Context c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Get Context c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Set Context c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Set Context c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Resume c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Resume c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe os_tid = 0xac0 True 1
Memory (8)
Operation Process Additional Information Success Count Logfile
Allocate C:\Windows\system32\dllhost.exe address = 0x60000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 390 True 1
Allocate C:\Windows\system32\dllhost.exe address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 483328 True 1
Allocate C:\Windows\system32\dllhost.exe address = 0x60000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_READWRITE, size = 444 True 1
Allocate C:\Windows\system32\dllhost.exe address = 0x150000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 483328 True 1
Write C:\Windows\system32\dllhost.exe address = 0x60000, size = 390 True 1
Write C:\Windows\system32\dllhost.exe address = 0x70000, size = 483328 True 1
Write C:\Windows\system32\dllhost.exe address = 0x60000, size = 444 True 1
Write C:\Windows\system32\dllhost.exe address = 0x150000, size = 483328 True 1
Module (468)
Operation Module Additional Information Success Count Logfile
Load KERNEL32.dll base_address = 0x76600000 True 4
Load ADVAPI32.dll base_address = 0x74ea0000 True 3
Load msvcrt.dll base_address = 0x76a40000 True 4
Load USER32.dll base_address = 0x74ca0000 True 1
Load CRYPT32.dll base_address = 0x760d0000 True 1
Load WS2_32.dll base_address = 0x762f0000 True 1
Load DNSAPI.dll base_address = 0x743a0000 True 1
Load PSAPI.DLL base_address = 0x74c90000 True 1
Load ole32.dll base_address = 0x76710000 True 3
Load SHELL32.dll base_address = 0x74f40000 True 2
Load SHLWAPI.dll base_address = 0x76070000 True 1
Load WINHTTP.dll base_address = 0x74340000 True 1
Load GDI32.dll base_address = 0x763f0000 True 1
Load ntdll.dll base_address = 0x76f70000 True 3
Load gdiplus.dll base_address = 0x74160000 True 1
Load NETAPI32.dll base_address = 0x74140000 True 1
Load user32.dll base_address = 0x74ca0000 True 1
Load Wtsapi32.dll base_address = 0x746b0000 True 1
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76600000 True 5
Get Handle c:\windows\syswow64\ntdll.dll base_address = 0x76f70000 True 1
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x74ea0000 True 1
Get Handle c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe base_address = 0x10000000 True 11
Get Handle private_0x0000000004dd0000 base_address = 0x4dd0000 True 1
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe, size = 260 True 1
Get Filename - process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\pST790mv.exe, size = 519 True 3
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x76614f2b True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x76611252 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x76614208 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x7661359f True 1
Get Address c:\windows\syswow64\kernel32.dll function = HeapCreate, address_out = 0x76614a2d True 1
Get Address c:\windows\syswow64\kernel32.dll function = HeapAlloc, address_out = 0x76f9e026 True 3
Get Address c:\windows\syswow64\kernel32.dll function = HeapReAlloc, address_out = 0x76fb1f6e True 1
Get Address c:\windows\syswow64\kernel32.dll function = HeapFree, address_out = 0x766114c9 True 3
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAlloc, address_out = 0x76611856 True 2
Get Address c:\windows\syswow64\kernel32.dll function = EncodePointer, address_out = 0x76fb0fcb True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetEnvironmentVariableA, address_out = 0x7661e331 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlushInstructionCache, address_out = 0x76614393 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessHeap, address_out = 0x766114e9 True 3
Get Address c:\windows\syswow64\kernel32.dll function = UnhandledExceptionFilter, address_out = 0x7663772f True 4
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x76617a10 True 2
Get Address c:\windows\syswow64\kernel32.dll function = ReadProcessMemory, address_out = 0x7662cfcc True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemInfo, address_out = 0x766149ca True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcess, address_out = 0x76611809 True 4
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x76611222 True 3
Get Address c:\windows\syswow64\kernel32.dll function = Sleep, address_out = 0x766110ff True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x76611245 True 3
Get Address c:\windows\syswow64\kernel32.dll function = TerminateProcess, address_out = 0x7662d802 True 4
Get Address c:\windows\syswow64\kernel32.dll function = RtlUnwind, address_out = 0x7663d1c3 True 4
Get Address c:\windows\syswow64\kernel32.dll function = SetUnhandledExceptionFilter, address_out = 0x766187c9 True 4
Get Address c:\windows\syswow64\advapi32.dll function = CryptHashData, address_out = 0x74eadf36 True 2
Get Address c:\windows\syswow64\advapi32.dll function = CryptCreateHash, address_out = 0x74eadf4e True 2
Get Address c:\windows\syswow64\advapi32.dll function = CryptReleaseContext, address_out = 0x74eae124 True 2
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyHash, address_out = 0x74eadf66 True 2
Get Address c:\windows\syswow64\advapi32.dll function = CryptAcquireContextW, address_out = 0x74eadf14 True 2
Get Address c:\windows\syswow64\advapi32.dll function = CryptGetHashParam, address_out = 0x74eadf7e True 2
Get Address c:\windows\syswow64\msvcrt.dll function = strlen, address_out = 0x76a543d3 True 4
Get Address c:\windows\syswow64\msvcrt.dll function = memset, address_out = 0x76a49790 True 4
Get Address c:\windows\syswow64\kernel32.dll function = DecodePointer, address_out = 0x76fa9d35 True 1
Get Address c:\windows\syswow64\kernel32.dll function = VirtualQuery, address_out = 0x7661445a True 1
Get Address c:\windows\syswow64\kernel32.dll function = FlushFileBuffers, address_out = 0x7661469b True 1
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileW, address_out = 0x7663830d True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetShortPathNameW, address_out = 0x7661d2f9 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineW, address_out = 0x76615223 True 1
Get Address c:\windows\syswow64\kernel32.dll function = OpenEventW, address_out = 0x766115d6 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetErrorMode, address_out = 0x76611b00 True 1
Get Address c:\windows\syswow64\kernel32.dll function = DuplicateHandle, address_out = 0x76611886 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameW, address_out = 0x76614950 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessW, address_out = 0x7661103d True 1
Get Address c:\windows\syswow64\kernel32.dll function = RemoveDirectoryW, address_out = 0x766944cf True 2
Get Address c:\windows\syswow64\kernel32.dll function = OpenMutexA, address_out = 0x7662ec6f True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetComputerNameW, address_out = 0x7661dd0e True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemDirectoryW, address_out = 0x76615063 True 3
Get Address c:\windows\syswow64\kernel32.dll function = ResumeThread, address_out = 0x766143ef True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventA, address_out = 0x7661328c True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableW, address_out = 0x76611b48 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateMutexA, address_out = 0x76614c6b True 1
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileW, address_out = 0x76614435 True 3
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileW, address_out = 0x766154ee True 3
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x76614442 True 3
Get Address c:\windows\syswow64\kernel32.dll function = RegisterWaitForSingleObject, address_out = 0x7663cb05 True 1
Get Address c:\windows\syswow64\kernel32.dll function = UnregisterWaitEx, address_out = 0x7663b921 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x7663735f True 1
Get Address c:\windows\syswow64\kernel32.dll function = Process32FirstW, address_out = 0x76638baf True 1
Get Address c:\windows\syswow64\kernel32.dll function = Process32NextW, address_out = 0x7663896c True 1
Get Address c:\windows\syswow64\kernel32.dll function = UnregisterWait, address_out = 0x7669e6ab True 1
Get Address c:\windows\syswow64\kernel32.dll function = CancelIo, address_out = 0x7668bce9 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LocalFree, address_out = 0x76612d3c True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetTempPathW, address_out = 0x7662d4dc True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetTempFileNameW, address_out = 0x7663d1b6 True 1
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFree, address_out = 0x7661186e True 1
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAllocEx, address_out = 0x7662d9b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WriteProcessMemory, address_out = 0x7662d9e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadContext, address_out = 0x766379d4 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadContext, address_out = 0x76695393 True 1
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFreeEx, address_out = 0x7662d9c8 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessId, address_out = 0x7663cf04 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileA, address_out = 0x766153c6 True 2
Get Address c:\windows\syswow64\kernel32.dll function = TlsGetValue, address_out = 0x766111e0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = TlsAlloc, address_out = 0x766149ad True 1
Get Address c:\windows\syswow64\kernel32.dll function = TlsFree, address_out = 0x76613587 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateIoCompletionPort, address_out = 0x7662eef2 True 1
Get Address c:\windows\syswow64\kernel32.dll function = PostQueuedCompletionStatus, address_out = 0x7662ef29 True 1
Get Address c:\windows\syswow64\kernel32.dll function = TlsSetValue, address_out = 0x766114fb True 1
Get Address c:\windows\syswow64\kernel32.dll function = DeleteTimerQueueTimer, address_out = 0x7662f7d3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateTimerQueueTimer, address_out = 0x7662f7eb True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateNamedPipeA, address_out = 0x76691807 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ConnectNamedPipe, address_out = 0x766940fb True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateDirectoryW, address_out = 0x76614259 True 3
Get Address c:\windows\syswow64\kernel32.dll function = GetExitCodeProcess, address_out = 0x7662174d True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFree, address_out = 0x76615558 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoA, address_out = 0x7662d5e5 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTime, address_out = 0x76615a96 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GlobalMemoryStatusEx, address_out = 0x7663d4c4 True 1
Get Address c:\windows\syswow64\kernel32.dll function = MultiByteToWideChar, address_out = 0x7661192e True 2
Get Address c:\windows\syswow64\kernel32.dll function = VerSetConditionMask, address_out = 0x76fe92b9 True 2
Get Address c:\windows\syswow64\kernel32.dll function = VerifyVersionInfoA, address_out = 0x7662f803 True 2
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenA, address_out = 0x76615a4b True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetVolumeInformationW, address_out = 0x7662c860 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandle, address_out = 0x766153ae True 2
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedCompareExchange, address_out = 0x76611484 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedExchange, address_out = 0x76611462 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableA, address_out = 0x766133a0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x766149d7 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibrary, address_out = 0x766134c8 True 1
Get Address c:\windows\syswow64\kernel32.dll function = DeleteFileW, address_out = 0x766189b3 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetFileAttributesW, address_out = 0x76611b18 True 2
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x76611282 True 3
Get Address c:\windows\syswow64\kernel32.dll function = ExitThread, address_out = 0x76fcd598 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointer, address_out = 0x766117d1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = OpenProcess, address_out = 0x76611986 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleW, address_out = 0x766134b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessId, address_out = 0x766111f8 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetLocalTime, address_out = 0x76615aa6 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x766111c0 True 3
Get Address c:\windows\syswow64\kernel32.dll function = ResetEvent, address_out = 0x766116dd True 1
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x76f92270 True 3
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x76f922b0 True 3
Get Address c:\windows\syswow64\kernel32.dll function = DeleteCriticalSection, address_out = 0x76fa45f5 True 3
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSection, address_out = 0x76fa2c42 True 3
Get Address c:\windows\syswow64\kernel32.dll function = SetEvent, address_out = 0x766116c5 True 3
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventW, address_out = 0x7661183e True 3
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentThreadId, address_out = 0x76611450 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimeAsFileTime, address_out = 0x76613509 True 3
Get Address c:\windows\syswow64\kernel32.dll function = SystemTimeToFileTime, address_out = 0x76615a7e True 2
Get Address c:\windows\syswow64\kernel32.dll function = TerminateThread, address_out = 0x76617a2f True 1
Get Address c:\windows\syswow64\kernel32.dll function = WaitForSingleObject, address_out = 0x76611136 True 3
Get Address c:\windows\syswow64\kernel32.dll function = CreateThread, address_out = 0x766134d5 True 1
Get Address c:\windows\syswow64\kernel32.dll function = OutputDebugStringA, address_out = 0x7663b2b7 True 2
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x76611410 True 3
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount, address_out = 0x7661110c True 3
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x76613ed3 True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetFileSize, address_out = 0x7661196e True 2
Get Address c:\windows\syswow64\kernel32.dll function = GetQueuedCompletionStatus, address_out = 0x7662d3c3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileW, address_out = 0x76613f5c True 3
Get Address c:\windows\syswow64\kernel32.dll function = QueryPerformanceCounter, address_out = 0x76611725 True 3
Get Address c:\windows\syswow64\kernel32.dll function = WideCharToMultiByte, address_out = 0x7661170d True 3
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryW, address_out = 0x7661492b True 1
Get Address c:\windows\syswow64\user32.dll function = GetIconInfo, address_out = 0x74cc49ea True 1
Get Address c:\windows\syswow64\user32.dll function = GetCursorPos, address_out = 0x74cc1218 True 1
Get Address c:\windows\syswow64\user32.dll function = DrawIcon, address_out = 0x74cc8deb True 1
Get Address c:\windows\syswow64\user32.dll function = ReleaseDC, address_out = 0x74cb7446 True 1
Get Address c:\windows\syswow64\user32.dll function = GetDesktopWindow, address_out = 0x74cc0a19 True 1
Get Address c:\windows\syswow64\user32.dll function = GetDC, address_out = 0x74cb72c4 True 1
Get Address c:\windows\syswow64\user32.dll function = GetSystemMetrics, address_out = 0x74cb7d2f True 1
Get Address c:\windows\syswow64\user32.dll function = GetLastInputInfo, address_out = 0x74ccb382 True 1
Get Address c:\windows\syswow64\user32.dll function = CharLowerA, address_out = 0x74cc3e75 True 1
Get Address c:\windows\syswow64\user32.dll function = GetWindowRect, address_out = 0x74cb7f34 True 1
Get Address c:\windows\syswow64\user32.dll function = GetMessageW, address_out = 0x74cb78e2 True 1
Get Address c:\windows\syswow64\user32.dll function = PostMessageW, address_out = 0x74cc12a5 True 1
Get Address c:\windows\syswow64\user32.dll function = MessageBoxA, address_out = 0x74d0fd1e True 1
Get Address c:\windows\syswow64\user32.dll function = MessageBoxW, address_out = 0x74d0fd3f True 1
Get Address c:\windows\syswow64\user32.dll function = LoadImageA, address_out = 0x74cc8455 True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptImportPublicKeyInfo, address_out = 0x760e6c0e True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptStringToBinaryA, address_out = 0x76105d77 True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptDecodeObjectEx, address_out = 0x760dd718 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 11, address_out = 0x762f311b True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 9, address_out = 0x762f2d8b True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASocketW, address_out = 0x762f3cd3 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASendTo, address_out = 0x7630b30c True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 111, address_out = 0x762f37ad True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 3, address_out = 0x762f3918 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSARecvFrom, address_out = 0x762fcba6 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSAIoctl, address_out = 0x762f2fe7 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 21, address_out = 0x762f41b6 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 2, address_out = 0x762f4582 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 12, address_out = 0x762fb131 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASend, address_out = 0x762f4406 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 5, address_out = 0x762f7147 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 115, address_out = 0x762f3ab2 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSARecv, address_out = 0x762f7089 True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsWriteQuestionToBuffer_UTF8, address_out = 0x743cadbb True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsExtractRecordsFromMessage_UTF8, address_out = 0x743caf44 True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsFree, address_out = 0x743a436b True 1
Get Address c:\windows\syswow64\psapi.dll function = GetModuleBaseNameA, address_out = 0x74c915a4 True 1
Get Address c:\windows\syswow64\ole32.dll function = CoCreateGuid, address_out = 0x767515d5 True 3
Get Address c:\windows\syswow64\ole32.dll function = CoInitializeEx, address_out = 0x767509ad True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetUserNameW, address_out = 0x74eb157a True 1
Get Address c:\windows\syswow64\advapi32.dll function = InitializeSecurityDescriptor, address_out = 0x74eb4620 True 1
Get Address c:\windows\syswow64\advapi32.dll function = SetSecurityDescriptorDacl, address_out = 0x74eb415e True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptVerifySignatureW, address_out = 0x74eac54a True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyKey, address_out = 0x74eac51a True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x74eb4907 True 2
Get Address c:\windows\syswow64\advapi32.dll function = RegQueryValueExA, address_out = 0x74eb48ef True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x74eb469d True 2
Get Address c:\windows\syswow64\advapi32.dll function = OpenProcessToken, address_out = 0x74eb4304 True 2
Get Address c:\windows\syswow64\advapi32.dll function = GetTokenInformation, address_out = 0x74eb431c True 2
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthorityCount, address_out = 0x74eb0e0c True 2
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthority, address_out = 0x74eb0e24 True 2
Get Address c:\windows\syswow64\advapi32.dll function = AllocateAndInitializeSid, address_out = 0x74eb40e6 True 2
Get Address c:\windows\syswow64\advapi32.dll function = CheckTokenMembership, address_out = 0x74eadf04 True 2
Get Address c:\windows\syswow64\advapi32.dll function = FreeSid, address_out = 0x74eb412e True 2
Get Address c:\windows\syswow64\shell32.dll function = CommandLineToArgvW, address_out = 0x74f59ee8 True 1
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteExW, address_out = 0x74f61e46 True 1
Get Address c:\windows\syswow64\shell32.dll function = SHGetFolderPathW, address_out = 0x74fc5708 True 2
Get Address c:\windows\syswow64\shlwapi.dll function = PathIsDirectoryW, address_out = 0x7607ff07 True 1
Get Address c:\windows\syswow64\shlwapi.dll function = 12, address_out = 0x7608158a True 1
Get Address c:\windows\syswow64\shlwapi.dll function = PathAppendW, address_out = 0x760881ef True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpGetIEProxyConfigForCurrentUser, address_out = 0x7435257e True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpAddRequestHeaders, address_out = 0x74359dfb True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpOpen, address_out = 0x743458b9 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpCloseHandle, address_out = 0x74342c01 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpConnect, address_out = 0x7434d9f5 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpOpenRequest, address_out = 0x74344aea True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSetOption, address_out = 0x74343f6c True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSendRequest, address_out = 0x743479bd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpReceiveResponse, address_out = 0x7434b262 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpWriteData, address_out = 0x7435abfd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpQueryHeaders, address_out = 0x7434ba51 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpQueryDataAvailable, address_out = 0x7435c5dd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpReadData, address_out = 0x7434cb9e True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSetStatusCallback, address_out = 0x74345ebd True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleDC, address_out = 0x764054f4 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SelectObject, address_out = 0x76404f70 True 1
Get Address c:\windows\syswow64\gdi32.dll function = BitBlt, address_out = 0x76405ea6 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteDC, address_out = 0x764058b3 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteObject, address_out = 0x76405689 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDeviceCaps, address_out = 0x76404de0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x76405f49 True 1
Get Address c:\windows\syswow64\ntdll.dll function = RtlRandom, address_out = 0x770398c3 True 3
Get Address c:\windows\syswow64\ntdll.dll function = ZwQueryObject, address_out = 0x76f8f9e8 True 2
Get Address c:\windows\syswow64\ntdll.dll function = RtlImageNtHeader, address_out = 0x76fa3164 True 1
Get Address c:\windows\syswow64\ntdll.dll function = ZwQuerySystemInformation, address_out = 0x76f8fda0 True 1
Get Address c:\windows\syswow64\ntdll.dll function = NtQuerySystemInformation, address_out = 0x76f8fda0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74185600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x741856be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x741a2437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromHBITMAP, address_out = 0x74196671 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageEncodersSize, address_out = 0x741a2203 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageEncoders, address_out = 0x741a228c True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSaveImageToStream, address_out = 0x74194153 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDisposeImage, address_out = 0x74194cc8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x741a24b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneImage, address_out = 0x74194bfa True 1
Get Address c:\windows\syswow64\netapi32.dll function = NetApiBufferFree, address_out = 0x745b13d2 True 1
Get Address c:\windows\syswow64\netapi32.dll function = NetWkstaGetInfo, address_out = 0x74145570 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = malloc, address_out = 0x76a49cee True 3
Get Address c:\windows\syswow64\msvcrt.dll function = vsprintf, address_out = 0x76ab7677 True 2
Get Address c:\windows\syswow64\msvcrt.dll function = free, address_out = 0x76a49894 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = ??3@YAXPAX@Z, address_out = 0x76a4b0b9 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = ??2@YAPAXI@Z, address_out = 0x76a4b0c9 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = memcpy, address_out = 0x76a49910 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = memmove, address_out = 0x76a49e5a True 3
Get Address c:\windows\syswow64\msvcrt.dll function = puts, address_out = 0x76ab8d04 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = abort, address_out = 0x76aa8e53 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = wcslen, address_out = 0x76a5d335 True 3
Get Address c:\windows\syswow64\msvcrt.dll function = exit, address_out = 0x76a536aa True 3
Get Address c:\windows\syswow64\msvcrt.dll function = realloc, address_out = 0x76a4b10d True 3
Get Address c:\windows\syswow64\msvcrt.dll function = strncmp, address_out = 0x76a4b443 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _strcmpi, address_out = 0x76a4db38 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _vsnwprintf, address_out = 0x76a4bbce True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _purecall, address_out = 0x76aa6ea9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = tolower, address_out = 0x76a4c4f0 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = atoi, address_out = 0x76a4dbe0 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = strcmp, address_out = 0x76a58b11 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = atol, address_out = 0x76a4ddf4 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _wcsicmp, address_out = 0x76a4a9e9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _snwprintf, address_out = 0x76a695d1 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcscmp, address_out = 0x76a5d3b7 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcsrchr, address_out = 0x76a4a73f True 2
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcscpy, address_out = 0x76a5d4f8 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _errno, address_out = 0x76a4a5b8 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = wcschr, address_out = 0x76a4aa61 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = strchr, address_out = 0x76a4dbeb True 2
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _iob, address_out = 0x76ae2900 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetProcessDpiAwarenessContext, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetProcessDpiAwareness, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetProcessDPIAware, address_out = 0x74cbfcb8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsWow64Process, address_out = 0x7661195e True 3
Fn
Get Address c:\windows\syswow64\wtsapi32.dll function = WTSQuerySessionInformationW, address_out = 0x746b253d True 1
Fn
Get Address c:\windows\syswow64\wtsapi32.dll function = WTSFreeMemory, address_out = 0x746b1b65 True 1
Fn
Get Address c:\windows\syswow64\wtsapi32.dll function = WTSEnumerateSessionsW, address_out = 0x746b1d49 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegQueryValueExW, address_out = 0x74eb46ad True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegEnumKeyExA, address_out = 0x74eb1481 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = memcmp, address_out = 0x76a57975 True 1
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _snprintf, address_out = 0x76a6fa7c True 2
Fn
Get Address c:\windows\syswow64\msvcrt.dll function = _vsnprintf, address_out = 0x76a4d1a8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExpandEnvironmentStringsW, address_out = 0x76614173 True 1
Fn
Get Address c:\windows\syswow64\ole32.dll function = CoInitialize, address_out = 0x7672b636 True 1
Fn
Get Address c:\windows\syswow64\ole32.dll function = CoCreateInstance, address_out = 0x76759d0b True 1
Fn
Window (3)
Operation Window Name Additional Information Success Count
Create Viewer class_name = View, wndproc_parameter = 0 False 1
Set Attribute - index = 18446744073709551600 (-16 = GWL_STYLE), new_long = 18446744071562067968 (0x80000000 = WS_POPUP) False 1
Set Attribute - index = 18446744073709551596 (-20 = GWL_EXSTYLE), new_long = 128 (0x80 = WS_EX_TOOLWINDOW) False 1
Note: the report prints the signed LONG arguments of SetWindowLong as unsigned 64-bit values. Decoded, the two calls try to give the "Viewer" window the popup and tool-window styles that keep it off the taskbar and Alt-Tab list; the window creation itself failed, and both style changes failed with it.
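The decoding applied to the two Set Attribute rows above, as an added example that is not part of the VMRay report: VMRay renders negative GetWindowLong indices and sign-extended style values as unsigned 64-bit integers, so the numbers have to be reinterpreted as two's complement before they can be matched against WinUser.h constants. The constants are the standard ones; the hidden-window heuristic (WS_POPUP plus WS_EX_TOOLWINDOW, never WS_VISIBLE) is my own and is an assumption about what an analyst wants flagged.

```python
# Added example: decode VMRay "Set Attribute" (SetWindowLong) rows whose LONG
# arguments were printed as unsigned 64-bit integers. Constants from WinUser.h;
# REPORT_ROWS are the two rows from this report.
from typing import Dict, List, Tuple

GWL_INDEX: Dict[int, str] = {
    -4: "GWL_WNDPROC", -6: "GWL_HINSTANCE", -8: "GWL_HWNDPARENT",
    -12: "GWL_ID", -16: "GWL_STYLE", -20: "GWL_EXSTYLE", -21: "GWL_USERDATA",
}
WS_STYLE: Dict[int, str] = {
    0x80000000: "WS_POPUP", 0x40000000: "WS_CHILD", 0x20000000: "WS_MINIMIZE",
    0x10000000: "WS_VISIBLE", 0x08000000: "WS_DISABLED", 0x04000000: "WS_CLIPSIBLINGS",
    0x02000000: "WS_CLIPCHILDREN", 0x01000000: "WS_MAXIMIZE", 0x00800000: "WS_BORDER",
    0x00400000: "WS_DLGFRAME", 0x00200000: "WS_VSCROLL", 0x00100000: "WS_HSCROLL",
    0x00080000: "WS_SYSMENU", 0x00040000: "WS_THICKFRAME", 0x00020000: "WS_MINIMIZEBOX",
    0x00010000: "WS_MAXIMIZEBOX",
}
WS_EX_STYLE: Dict[int, str] = {
    0x00000001: "WS_EX_DLGMODALFRAME", 0x00000004: "WS_EX_NOPARENTNOTIFY",
    0x00000008: "WS_EX_TOPMOST", 0x00000010: "WS_EX_ACCEPTFILES",
    0x00000020: "WS_EX_TRANSPARENT", 0x00000040: "WS_EX_MDICHILD",
    0x00000080: "WS_EX_TOOLWINDOW", 0x00000100: "WS_EX_WINDOWEDGE",
    0x00000200: "WS_EX_CLIENTEDGE", 0x00000400: "WS_EX_CONTEXTHELP",
    0x00040000: "WS_EX_APPWINDOW", 0x00080000: "WS_EX_LAYERED",
    0x08000000: "WS_EX_NOACTIVATE",
}


def to_signed(value: int, bits: int = 64) -> int:
    """Reinterpret an unsigned rendering as a two's-complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def decode_set_attribute(index_u64: int, new_long_u64: int) -> Tuple[str, int, List[str]]:
    """Return (index name, 32-bit style value, named flags) for one row."""
    index = to_signed(index_u64)
    name = GWL_INDEX.get(index, f"index {index}")
    # SetWindowLong takes a 32-bit LONG; the report sign-extended it to 64 bits,
    # so mask back down to 32 bits before matching flag bits.
    style = to_signed(new_long_u64) & 0xFFFFFFFF
    table = {"GWL_STYLE": WS_STYLE, "GWL_EXSTYLE": WS_EX_STYLE}.get(name, {})
    flags = [label for bit, label in sorted(table.items()) if style & bit]
    leftover = style & ~sum(table)  # bits the table does not name
    if leftover:
        flags.append(f"0x{leftover:08x}")
    return name, style, flags


def hidden_window_styles(rows: List[Tuple[int, int]]) -> bool:
    """Heuristic (my own): WS_POPUP on GWL_STYLE and WS_EX_TOOLWINDOW on
    GWL_EXSTYLE, with WS_VISIBLE never set, is a window meant to stay off
    the taskbar and Alt-Tab list."""
    seen = set()
    visible = False
    for idx, val in rows:
        name, _, flags = decode_set_attribute(idx, val)
        seen.update((name, f) for f in flags)
        visible |= (name, "WS_VISIBLE") in seen
    return (("GWL_STYLE", "WS_POPUP") in seen
            and ("GWL_EXSTYLE", "WS_EX_TOOLWINDOW") in seen
            and not visible)


# The two rows from this report, as (index, new_long).
REPORT_ROWS = [(18446744073709551600, 18446744071562067968),
               (18446744073709551596, 128)]

if __name__ == "__main__":
    for idx, val in REPORT_ROWS:
        print(decode_set_attribute(idx, val))
    print("hidden-window pattern:", hidden_window_styles(REPORT_ROWS))
```

Masking to 32 bits matters: feeding the sign-extended value 0xFFFFFFFF80000000 straight into the flag table would match nothing, which is exactly how such rows get overlooked in bulk triage.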
System (99)
Operation Additional Information Success Count
Get Computer Name result_out = XDUWTFONO True 2
Sleep duration = 993 milliseconds (0.993 seconds) True 1
Get Time type = System Time, time = 1627-01-20 17:43:11 (UTC) True 1
Get Time type = Ticks, time = 101135 True 1
Get Time type = System Time, time = 2017-11-07 19:24:41 (UTC) True 40
Get Time type = Ticks, time = 101431 True 6
Get Time type = Ticks, time = 106595 True 1
Get Time type = System Time, time = 2017-11-07 19:24:48 (UTC) True 6
Get Time type = System Time, time = 2017-11-07 19:24:50 (UTC) True 1
Get Time type = Ticks, time = 152194 True 1
Get Time type = System Time, time = 2017-11-07 19:25:33 (UTC) True 1
Get Info type = Hardware Information True 34
Get Info type = SYSTEM_HANDLE_INFORMATION False 1
Get Info type = SYSTEM_HANDLE_INFORMATION True 1
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Mutex (2)
Operation Additional Information Success Count
Create mutex_name = df7689e6-c49f-4a86-82e8-6809a406872a True 1
Open mutex_name = df7689e6-c49f-4a86-82e8-6809a406872a, desired_access = SYNCHRONIZE False 1
Environment (6)
Operation Additional Information Success Count
Get Environment String - True 1
Get Environment String name = RESTARTED False 1
Get Environment String name = SELF False 1
Get Environment String name = INJECTED False 1
Get Environment String name = bound, result_out = 941401012 True 1
Set Environment String name = bound, value = 941401012 True 1
Network Behavior
TCP Sessions (1)
Information Value
Total Data Sent 0.00 KB (0 bytes)
Total Data Received 0.00 KB (0 bytes)
Contacted Host Count 1
Contacted Hosts 192.99.181.10:443
TCP Session #1
Information Value
Handle 0x214
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 192.99.181.10
Remote Port 443
Local Address 0.0.0.0
Local Port 1984
Data Sent 0.00 KB (0 bytes)
Data Received 0.00 KB (0 bytes)
Operations
Operation Additional Information Success Count
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Bind local_address = 0x0, local_port = 0 True 1
Connect remote_address = 192.99.181.10, remote_port = 443 True 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 3
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 4
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 2
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 2
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
Send flags = NO_FLAG_SET True 1
Receive flags = NO_FLAG_SET, size = 0 False 1
HTTP Sessions (1)
Information Value
Total Data Sent 0.16 KB (163 bytes)
Total Data Received 0.03 KB (33 bytes)
Contacted Host Count 1
Contacted Hosts httpbin.org
HTTP Session #1
Information Value
User Agent Wget/1.11.
Server Name httpbin.org
Server Port 80
Data Sent 0.16 KB (163 bytes)
Data Received 0.03 KB (33 bytes)
Operations
Operation Additional Information Success Count
Open Session user_agent = Wget/1.11., access_type = WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, flags = WINHTTP_FLAG_SYNC True 1
Open Connection protocol = HTTP, server_name = httpbin.org, server_port = 80 True 1
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /ip, accept_types = 0, flags = INTERNET_FLAG_FORMS_SUBMIT, INTERNET_FLAG_PRAGMA_NOCACHE True 1
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = httpbin.org/ip True 1
Read Response size = 33, size_out = 33 True 1
Close Session - True 1
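The two network indicators this report documents (the TCP session to 192.99.181.10:443 that sent data but never received any, and the WinHTTP GET to httpbin.org/ip with the User-Agent "Wget/1.11.") turned into a log sweep, as an added example that is not part of the VMRay report. The pipe-separated log format and the sample lines are constructed for the example; adapt the parser to your proxy or flow source. The User-Agent match is deliberately exact: GNU Wget's default is Wget/<version> with no trailing period, so the trailing period is the distinguishing feature, and httpbin.org on its own is a legitimate service and too weak to alert on.

```python
# Added example (not from the report): sweep constructed proxy/flow log lines
# for the network indicators recorded in this report.
import re
from dataclasses import dataclass
from typing import Dict, List

C2_HOST, C2_PORT = "192.99.181.10", "443"     # TCP session #1 above
IPCHECK_HOST, IPCHECK_PATH = "httpbin.org", "/ip"  # HTTP session #1 above
# The sample's User-Agent ends in a period ("Wget/1.11."), which real Wget
# never sends, so match the exact string rather than any Wget UA.
ODD_UA = re.compile(r"^Wget/1\.11\.$")


@dataclass
class Hit:
    kind: str      # "tcp" or "http"
    line_no: int   # 1-based index into the input
    detail: str


def parse_fields(line: str) -> Dict[str, str]:
    """'k=v|k=v|...' -> dict; lines in another layout yield {} and are skipped."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def sweep(lines: List[str]) -> List[Hit]:
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        f = parse_fields(line)
        if not f:
            continue
        if f.get("dst") == C2_HOST and f.get("dport") == C2_PORT:
            # A connect that sends but gets nothing back mirrors the sandbox
            # session above (every Send succeeded, every Receive returned 0).
            silent = f.get("bytes_in") == "0"
            hits.append(Hit("tcp", n, "c2 endpoint" + (" (no reply bytes)" if silent else "")))
        if (f.get("host") == IPCHECK_HOST and f.get("path") == IPCHECK_PATH
                and ODD_UA.match(f.get("ua", ""))):
            hits.append(Hit("http", n, "external IP lookup with the sample's User-Agent"))
    return hits


# Constructed sample lines (not real telemetry; non-C2 IPs are documentation
# ranges): a benign Wget download, the C2 flow, the sample's IP check, and a
# browser visit to the same httpbin endpoint that must not fire.
SAMPLE_LOG = [
    "ts=2017-11-07T19:24:41Z|src=10.0.0.5|dst=203.0.113.10|dport=80|host=example.com|path=/|ua=Wget/1.11.4|bytes_in=1256",
    "ts=2017-11-07T19:24:42Z|src=10.0.0.5|dst=192.99.181.10|dport=443|bytes_out=512|bytes_in=0",
    "ts=2017-11-07T19:24:48Z|src=10.0.0.5|dst=198.51.100.7|dport=80|host=httpbin.org|path=/ip|ua=Wget/1.11.|bytes_in=33",
    "ts=2017-11-07T19:30:00Z|src=10.0.0.7|dst=198.51.100.7|dport=80|host=httpbin.org|path=/ip|ua=Mozilla/5.0|bytes_in=33",
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind}: {hit.detail}")
```

The zero-bytes-received annotation is worth keeping in a real deployment: a C2 that accepts the TCP handshake but answers nothing, as recorded here, looks identical to a sinkholed or dead host in flow data unless the asymmetry is called out.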
Process #4: dllhost.exe
Information Value
ID #4
File Name c:\windows\syswow64\dllhost.exe
Command Line "C:\Windows\system32\dllhost.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:29, Reason: Child Process
Unmonitor End Time: 00:10:13, Reason: Terminated by Timeout
Monitor Duration 00:08:44
Remarks No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x474
Parent PID 0xaa8 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups
  • XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001076e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 5D4
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True True False
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable True True False
private_0x0000000000070000 0x00070000 0x000e5fff Private Memory Readable, Writable, Executable True True False
private_0x0000000000170000 0x00170000 0x001affff Private Memory Readable, Writable True True False
private_0x00000000001f0000 0x001f0000 0x0022ffff Private Memory Readable, Writable True True False
dllhost.exe 0x00ab0000 0x00ab4fff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x76d90000 0x76f38fff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x76f70000 0x770effff Memory Mapped File Readable, Writable, Executable False False False
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True True False
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True True False
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True True False
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False
Injection Information
Injection Type Source Process Source Os Thread ID Injection Info Success Count
Modify Memory #3: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe 0xac0 address = 0x60000, size = 390 True 1
Modify Control Flow #3: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe 0xac0 os_tid = 0x5d4, address = 0x76f801c4 True 1
Note: only the 390-byte write into private_0x0000000000060000 was recorded for this instance. The Readable, Writable, Executable region 0x00070000–0x000e5fff above has the same 0x76000-byte size as the payload written into Process #5, but no write into it appears here, which matches the "No high level activity detected" remark.
Process #5: dllhost.exe
(Host: 265, Network: 0)
Information Value
ID #5
File Name c:\windows\syswow64\dllhost.exe
Command Line "C:\Windows\system32\dllhost.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:29, Reason: Child Process
Unmonitor End Time: 00:10:13, Reason: Terminated by Timeout
Monitor Duration 00:08:44
OS Process Information
Information Value
PID 0x4bc
Parent PID 0xaa8 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups
  • XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001076e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 244
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000000020000 0x00020000 0x00020fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True True False
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable True True False
private_0x0000000000090000 0x00090000 0x000cffff Private Memory Readable, Writable True True False
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory Readable, Writable True True False
private_0x0000000000150000 0x00150000 0x001c5fff Private Memory Readable, Writable, Executable True True False
locale.nls 0x001d0000 0x00236fff Memory Mapped File Readable False False False
private_0x0000000000240000 0x00240000 0x002dffff Private Memory Readable, Writable True False False
private_0x00000000003a0000 0x003a0000 0x0041ffff Private Memory Readable, Writable True True False
private_0x0000000000420000 0x00420000 0x0057ffff Private Memory Readable, Writable True False False
private_0x00000000005a0000 0x005a0000 0x005affff Private Memory Readable, Writable True True False
private_0x00000000005f0000 0x005f0000 0x006effff Private Memory Readable, Writable True True False
pagefile_0x00000000006f0000 0x006f0000 0x00877fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000880000 0x00880000 0x00a00fff Pagefile Backed Memory Readable True False False
dllhost.exe 0x00ab0000 0x00ab4fff Memory Mapped File Readable, Writable, Executable False False False
pagefile_0x0000000000ac0000 0x00ac0000 0x01ebffff Pagefile Backed Memory Readable True False False
srvcli.dll 0x74120000 0x74138fff Memory Mapped File Readable, Writable, Executable False False False
netapi32.dll 0x74140000 0x74150fff Memory Mapped File Readable, Writable, Executable False False False
gdiplus.dll 0x74160000 0x742effff Memory Mapped File Readable, Writable, Executable False False False
webio.dll 0x742f0000 0x7433efff Memory Mapped File Readable, Writable, Executable False False False
winhttp.dll 0x74340000 0x74397fff Memory Mapped File Readable, Writable, Executable False False False
dnsapi.dll 0x743a0000 0x743e3fff Memory Mapped File Readable, Writable, Executable False False False
wow64cpu.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False
wow64win.dll 0x744b0000 0x7450bfff Memory Mapped File Readable, Writable, Executable False False False
wow64.dll 0x74510000 0x7454efff Memory Mapped File Readable, Writable, Executable False False False
netutils.dll 0x745b0000 0x745b8fff Memory Mapped File Readable, Writable, Executable False False False
wkscli.dll 0x745d0000 0x745defff Memory Mapped File Readable, Writable, Executable False False False
cryptbase.dll 0x74ac0000 0x74acbfff Memory Mapped File Readable, Writable, Executable False False False
sspicli.dll 0x74ad0000 0x74b2ffff Memory Mapped File Readable, Writable, Executable False False False
imm32.dll 0x74b30000 0x74b8ffff Memory Mapped File Readable, Writable, Executable False False False
psapi.dll 0x74c90000 0x74c94fff Memory Mapped File Readable, Writable, Executable False False False
user32.dll 0x74ca0000 0x74d9ffff Memory Mapped File Readable, Writable, Executable False False False
lpk.dll 0x74da0000 0x74da9fff Memory Mapped File Readable, Writable, Executable False False False
msctf.dll 0x74db0000 0x74e7bfff Memory Mapped File Readable, Writable, Executable False False False
sechost.dll 0x74e80000 0x74e98fff Memory Mapped File Readable, Writable, Executable False False False
advapi32.dll 0x74ea0000 0x74f3ffff Memory Mapped File Readable, Writable, Executable False False False
shell32.dll 0x74f40000 0x75b89fff Memory Mapped File Readable, Writable, Executable False False False
rpcrt4.dll 0x75ee0000 0x75fcffff Memory Mapped File Readable, Writable, Executable False False False
nsi.dll 0x75fd0000 0x75fd5fff Memory Mapped File Readable, Writable, Executable False False False
shlwapi.dll 0x76070000 0x760c6fff Memory Mapped File Readable, Writable, Executable False False False
crypt32.dll 0x760d0000 0x761ecfff Memory Mapped File Readable, Writable, Executable False False False
ws2_32.dll 0x762f0000 0x76324fff Memory Mapped File Readable, Writable, Executable False False False
gdi32.dll 0x763f0000 0x7647ffff Memory Mapped File Readable, Writable, Executable False False False
usp10.dll 0x76510000 0x765acfff Memory Mapped File Readable, Writable, Executable False False False
kernelbase.dll 0x765b0000 0x765f5fff Memory Mapped File Readable, Writable, Executable False False False
kernel32.dll 0x76600000 0x7670ffff Memory Mapped File Readable, Writable, Executable False False False
ole32.dll 0x76710000 0x7686bfff Memory Mapped File Readable, Writable, Executable False False False
msvcrt.dll 0x76a40000 0x76aebfff Memory Mapped File Readable, Writable, Executable False False False
private_0x0000000076b70000 0x76b70000 0x76c69fff Private Memory Readable, Writable, Executable True True False
private_0x0000000076c70000 0x76c70000 0x76d8efff Private Memory Readable, Writable, Executable True False False
ntdll.dll 0x76d90000 0x76f38fff Memory Mapped File Readable, Writable, Executable False False False
msasn1.dll 0x76f40000 0x76f4bfff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x76f70000 0x770effff Memory Mapped File Readable, Writable, Executable False False False
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True True False
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True True False
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True True False
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False
Injection Information
Injection Type Source Process Source Os Thread ID Injection Info Success Count
Modify Memory #3: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe 0xac0 address = 0x60000, size = 444 True 1
Modify Memory #3: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe 0xac0 address = 0x150000, size = 483328 True 1
Modify Control Flow #3: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\pst790mv.exe 0xac0 os_tid = 0x244, address = 0x76f801c4 True 1
Note: the 483,328-byte (0x76000) write at 0x150000 exactly fills the Readable, Writable, Executable private region 0x00150000–0x001c5fff in the Region table above, and the 444-byte write at 0x60000 lands in private_0x0000000000060000. The thread-context change on the process's single thread 0x244 (the recorded instruction pointer 0x76f801c4 lies inside the ntdll.dll mapping at 0x76f70000) follows the writes: this is the write-then-SetThreadContext/ResumeThread sequence of process hollowing, and the kernel32 imports resolved below (VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext, ResumeThread, CreateProcessW) are the toolkit for it.
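A triage helper for the "Get Address" rows in this report's Module tables, as an added example that is not part of the VMRay report: it parses rows in the exact format VMRay prints, separates resolved imports from failed lookups (address_out = 0x0, such as the user32 DPI functions in Process #3, which are version-dependent probes), and checks which capability sets are fully covered. The grouping of Win32 APIs into capabilities is my own and is an assumption, not VMRay's classification; the sample rows are copied from this report's tables (the WTS rows from Process #3, the rest from the Module table of Process #5 below).

```python
# Added example (not from the report): group VMRay "Get Address" rows into
# capability sets. SIGNATURES is my own grouping; SAMPLE rows are copied from
# this report's Module tables.
import re
from typing import Dict, List, Set, Tuple

ROW = re.compile(
    r"^Get Address (?P<dll>\S+) function = (?P<func>\S+?), "
    r"address_out = (?P<addr>0x[0-9a-fA-F]+) (?P<ok>True|False) (?P<count>\d+)$"
)

# Capability -> every API that must be resolved for the capability to count.
SIGNATURES: Dict[str, Set[str]] = {
    # suspended child + remote write + thread context swap
    "process hollowing": {"CreateProcessW", "VirtualAllocEx", "WriteProcessMemory",
                          "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "named-pipe IPC": {"CreateNamedPipeA", "ConnectNamedPipe"},
    "copy self to %TEMP%": {"GetTempPathW", "GetTempFileNameW", "CopyFileW"},
    "single-instance mutex": {"CreateMutexA", "OpenMutexA"},
    "logged-on session enumeration": {"WTSEnumerateSessionsW", "WTSQuerySessionInformationW"},
    "WOW64 check": {"IsWow64Process"},
}


def parse_rows(lines: List[str]) -> Tuple[Set[str], List[str]]:
    """Return (resolved function names, names whose lookup failed)."""
    resolved: Set[str] = set()
    unresolved: List[str] = []
    for line in lines:
        m = ROW.match(line.strip())
        if not m:
            continue  # Load rows, headers, link residue, anything else
        if m["ok"] == "True" and int(m["addr"], 16) != 0:
            resolved.add(m["func"])
        else:
            unresolved.append(m["func"])
    return resolved, unresolved


def capabilities(resolved: Set[str]) -> Dict[str, bool]:
    """Which signature sets are fully covered by the resolved imports."""
    return {cap: apis <= resolved for cap, apis in SIGNATURES.items()}


def missing_for(cap: str, resolved: Set[str]) -> Set[str]:
    """APIs a partial match still lacks; useful when a table is truncated."""
    return SIGNATURES[cap] - resolved


SAMPLE = [  # copied from this report's Module tables
    r"Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessW, address_out = 0x7661103d True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = ResumeThread, address_out = 0x766143ef True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x7663735f True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = Process32FirstW, address_out = 0x76638baf True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = Process32NextW, address_out = 0x7663896c True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = VirtualAllocEx, address_out = 0x7662d9b0 True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = WriteProcessMemory, address_out = 0x7662d9e0 True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = GetThreadContext, address_out = 0x766379d4 True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = SetThreadContext, address_out = 0x76695393 True 1",
    r"Get Address c:\windows\syswow64\kernel32.dll function = CreateNamedPipeA, address_out = 0x76691807 True 1",
    r"Get Address c:\windows\syswow64\wtsapi32.dll function = WTSEnumerateSessionsW, address_out = 0x746b1d49 True 1",
    r"Get Address c:\windows\syswow64\user32.dll function = SetProcessDpiAwarenessContext, address_out = 0x0 False 1",
    r"Load KERNEL32.dll base_address = 0x76600000 True 1",
]

if __name__ == "__main__":
    resolved, unresolved = parse_rows(SAMPLE)
    for cap, hit in capabilities(resolved).items():
        print(f"{cap:32s} {'yes' if hit else 'no':3s} missing={sorted(missing_for(cap, resolved))}")
    print("unresolved:", unresolved)
```

Requiring every API in a set avoids the classic false positive where CreateProcessW plus WriteProcessMemory alone (a debugger, an installer) is scored as injection; the missing_for output tells you which single import to go looking for when a report is cut off mid-table, as this one is.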
Host Behavior
Module (265)
Operation Module Additional Information Success Count Logfile
Load KERNEL32.dll base_address = 0x76600000 True 1
Fn
Load USER32.dll base_address = 0x74ca0000 True 1
Fn
Load CRYPT32.dll base_address = 0x760d0000 True 1
Fn
Load WS2_32.dll base_address = 0x762f0000 True 1
Fn
Load DNSAPI.dll base_address = 0x743a0000 True 1
Fn
Load PSAPI.DLL base_address = 0x74c90000 True 1
Fn
Load ole32.dll base_address = 0x76710000 True 1
Fn
Load ADVAPI32.dll base_address = 0x74ea0000 True 1
Fn
Load SHELL32.dll base_address = 0x74f40000 True 1
Fn
Load SHLWAPI.dll base_address = 0x76070000 True 1
Fn
Load WINHTTP.dll base_address = 0x74340000 True 1
Fn
Load GDI32.dll base_address = 0x763f0000 True 1
Fn
Load ntdll.dll base_address = 0x76f70000 True 1
Fn
Load gdiplus.dll base_address = 0x74160000 True 1
Fn
Load NETAPI32.dll base_address = 0x74140000 True 1
Fn
Load msvcrt.dll base_address = 0x76a40000 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DecodePointer, address_out = 0x76fa9d35 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualQuery, address_out = 0x7661445a True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlushFileBuffers, address_out = 0x7661469b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileW, address_out = 0x7663830d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Sleep, address_out = 0x766110ff True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetShortPathNameW, address_out = 0x7661d2f9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineW, address_out = 0x76615223 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = OpenEventW, address_out = 0x766115d6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetErrorMode, address_out = 0x76611b00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DuplicateHandle, address_out = 0x76611886 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameW, address_out = 0x76614950 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessW, address_out = 0x7661103d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RemoveDirectoryW, address_out = 0x766944cf True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = OpenMutexA, address_out = 0x7662ec6f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetComputerNameW, address_out = 0x7661dd0e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemDirectoryW, address_out = 0x76615063 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ResumeThread, address_out = 0x766143ef True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventA, address_out = 0x7661328c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableW, address_out = 0x76611b48 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateMutexA, address_out = 0x76614c6b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileW, address_out = 0x76614435 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileW, address_out = 0x766154ee True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x76614442 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RegisterWaitForSingleObject, address_out = 0x7663cb05 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = UnregisterWaitEx, address_out = 0x7663b921 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x7663735f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32FirstW, address_out = 0x76638baf True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32NextW, address_out = 0x7663896c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = UnregisterWait, address_out = 0x7669e6ab True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CancelIo, address_out = 0x7668bce9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LocalFree, address_out = 0x76612d3c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTempPathW, address_out = 0x7662d4dc True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTempFileNameW, address_out = 0x7663d1b6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAlloc, address_out = 0x76611856 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFree, address_out = 0x7661186e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAllocEx, address_out = 0x7662d9b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteProcessMemory, address_out = 0x7662d9e0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadContext, address_out = 0x766379d4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadContext, address_out = 0x76695393 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFreeEx, address_out = 0x7662d9c8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x76611222 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcess, address_out = 0x76611809 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessId, address_out = 0x7663cf04 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileA, address_out = 0x766153c6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsGetValue, address_out = 0x766111e0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsAlloc, address_out = 0x766149ad True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsFree, address_out = 0x76613587 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateIoCompletionPort, address_out = 0x7662eef2 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = PostQueuedCompletionStatus, address_out = 0x7662ef29 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TerminateProcess, address_out = 0x7662d802 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsSetValue, address_out = 0x766114fb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DeleteTimerQueueTimer, address_out = 0x7662f7d3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateTimerQueueTimer, address_out = 0x7662f7eb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateNamedPipeA, address_out = 0x76691807 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ConnectNamedPipe, address_out = 0x766940fb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateDirectoryW, address_out = 0x76614259 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetExitCodeProcess, address_out = 0x7662174d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFree, address_out = 0x76615558 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoA, address_out = 0x7662d5e5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTime, address_out = 0x76615a96 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalMemoryStatusEx, address_out = 0x7663d4c4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MultiByteToWideChar, address_out = 0x7661192e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VerSetConditionMask, address_out = 0x76fe92b9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VerifyVersionInfoA, address_out = 0x7662f803 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x76611245 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenA, address_out = 0x76615a4b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetVolumeInformationW, address_out = 0x7662c860 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandle, address_out = 0x766153ae True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapAlloc, address_out = 0x76f9e026 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapFree, address_out = 0x766114c9 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessHeap, address_out = 0x766114e9 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetUnhandledExceptionFilter, address_out = 0x766187c9 True 1
Get Address c:\windows\syswow64\kernel32.dll function = UnhandledExceptionFilter, address_out = 0x7663772f True 1
Get Address c:\windows\syswow64\kernel32.dll function = RtlUnwind, address_out = 0x7663d1c3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedCompareExchange, address_out = 0x76611484 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InterlockedExchange, address_out = 0x76611462 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableA, address_out = 0x766133a0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x766149d7 True 1
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibrary, address_out = 0x766134c8 True 1
Get Address c:\windows\syswow64\kernel32.dll function = DeleteFileW, address_out = 0x766189b3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetFileAttributesW, address_out = 0x76611b18 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x76611282 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ExitThread, address_out = 0x76fcd598 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointer, address_out = 0x766117d1 True 1
Get Address c:\windows\syswow64\kernel32.dll function = OpenProcess, address_out = 0x76611986 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleW, address_out = 0x766134b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessId, address_out = 0x766111f8 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLocalTime, address_out = 0x76615aa6 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x766111c0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemInfo, address_out = 0x766149ca True 1
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x76617a10 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ResetEvent, address_out = 0x766116dd True 1
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x76f92270 True 1
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x76f922b0 True 1
Get Address c:\windows\syswow64\kernel32.dll function = DeleteCriticalSection, address_out = 0x76fa45f5 True 1
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSection, address_out = 0x76fa2c42 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SetEvent, address_out = 0x766116c5 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventW, address_out = 0x7661183e True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentThreadId, address_out = 0x76611450 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimeAsFileTime, address_out = 0x76613509 True 1
Get Address c:\windows\syswow64\kernel32.dll function = SystemTimeToFileTime, address_out = 0x76615a7e True 1
Get Address c:\windows\syswow64\kernel32.dll function = TerminateThread, address_out = 0x76617a2f True 1
Get Address c:\windows\syswow64\kernel32.dll function = WaitForSingleObject, address_out = 0x76611136 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateThread, address_out = 0x766134d5 True 1
Get Address c:\windows\syswow64\kernel32.dll function = OutputDebugStringA, address_out = 0x7663b2b7 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x76611410 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount, address_out = 0x7661110c True 1
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x76613ed3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetFileSize, address_out = 0x7661196e True 1
Get Address c:\windows\syswow64\kernel32.dll function = GetQueuedCompletionStatus, address_out = 0x7662d3c3 True 1
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileW, address_out = 0x76613f5c True 1
Get Address c:\windows\syswow64\kernel32.dll function = QueryPerformanceCounter, address_out = 0x76611725 True 1
Get Address c:\windows\syswow64\kernel32.dll function = WideCharToMultiByte, address_out = 0x7661170d True 1
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryW, address_out = 0x7661492b True 1
Get Address c:\windows\syswow64\user32.dll function = GetIconInfo, address_out = 0x74cc49ea True 1
Get Address c:\windows\syswow64\user32.dll function = GetCursorPos, address_out = 0x74cc1218 True 1
Get Address c:\windows\syswow64\user32.dll function = DrawIcon, address_out = 0x74cc8deb True 1
Get Address c:\windows\syswow64\user32.dll function = ReleaseDC, address_out = 0x74cb7446 True 1
Get Address c:\windows\syswow64\user32.dll function = GetDesktopWindow, address_out = 0x74cc0a19 True 1
Get Address c:\windows\syswow64\user32.dll function = GetDC, address_out = 0x74cb72c4 True 1
Get Address c:\windows\syswow64\user32.dll function = GetSystemMetrics, address_out = 0x74cb7d2f True 1
Get Address c:\windows\syswow64\user32.dll function = GetLastInputInfo, address_out = 0x74ccb382 True 1
Get Address c:\windows\syswow64\user32.dll function = CharLowerA, address_out = 0x74cc3e75 True 1
Get Address c:\windows\syswow64\user32.dll function = GetWindowRect, address_out = 0x74cb7f34 True 1
Get Address c:\windows\syswow64\user32.dll function = GetMessageW, address_out = 0x74cb78e2 True 1
Get Address c:\windows\syswow64\user32.dll function = PostMessageW, address_out = 0x74cc12a5 True 1
Get Address c:\windows\syswow64\user32.dll function = MessageBoxA, address_out = 0x74d0fd1e True 1
Get Address c:\windows\syswow64\user32.dll function = MessageBoxW, address_out = 0x74d0fd3f True 1
Get Address c:\windows\syswow64\user32.dll function = LoadImageA, address_out = 0x74cc8455 True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptImportPublicKeyInfo, address_out = 0x760e6c0e True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptStringToBinaryA, address_out = 0x76105d77 True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptDecodeObjectEx, address_out = 0x760dd718 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 11, address_out = 0x762f311b True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 9, address_out = 0x762f2d8b True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASocketW, address_out = 0x762f3cd3 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASendTo, address_out = 0x7630b30c True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 111, address_out = 0x762f37ad True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 3, address_out = 0x762f3918 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSARecvFrom, address_out = 0x762fcba6 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSAIoctl, address_out = 0x762f2fe7 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 21, address_out = 0x762f41b6 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 2, address_out = 0x762f4582 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 12, address_out = 0x762fb131 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASend, address_out = 0x762f4406 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 5, address_out = 0x762f7147 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 115, address_out = 0x762f3ab2 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSARecv, address_out = 0x762f7089 True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsWriteQuestionToBuffer_UTF8, address_out = 0x743cadbb True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsExtractRecordsFromMessage_UTF8, address_out = 0x743caf44 True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsFree, address_out = 0x743a436b True 1
Get Address c:\windows\syswow64\psapi.dll function = GetModuleBaseNameA, address_out = 0x74c915a4 True 1
Get Address c:\windows\syswow64\ole32.dll function = CoCreateGuid, address_out = 0x767515d5 True 1
Get Address c:\windows\syswow64\ole32.dll function = CoInitializeEx, address_out = 0x767509ad True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptGetHashParam, address_out = 0x74eadf7e True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptReleaseContext, address_out = 0x74eae124 True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptAcquireContextW, address_out = 0x74eadf14 True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptCreateHash, address_out = 0x74eadf4e True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptHashData, address_out = 0x74eadf36 True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetUserNameW, address_out = 0x74eb157a True 1
Get Address c:\windows\syswow64\advapi32.dll function = InitializeSecurityDescriptor, address_out = 0x74eb4620 True 1
Get Address c:\windows\syswow64\advapi32.dll function = SetSecurityDescriptorDacl, address_out = 0x74eb415e True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptVerifySignatureW, address_out = 0x74eac54a True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyKey, address_out = 0x74eac51a True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExA, address_out = 0x74eb4907 True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegQueryValueExA, address_out = 0x74eb48ef True 1
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x74eb469d True 1
Get Address c:\windows\syswow64\advapi32.dll function = OpenProcessToken, address_out = 0x74eb4304 True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetTokenInformation, address_out = 0x74eb431c True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthorityCount, address_out = 0x74eb0e0c True 1
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthority, address_out = 0x74eb0e24 True 1
Get Address c:\windows\syswow64\advapi32.dll function = AllocateAndInitializeSid, address_out = 0x74eb40e6 True 1
Get Address c:\windows\syswow64\advapi32.dll function = CheckTokenMembership, address_out = 0x74eadf04 True 1
Get Address c:\windows\syswow64\advapi32.dll function = FreeSid, address_out = 0x74eb412e True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyHash, address_out = 0x74eadf66 True 1
Get Address c:\windows\syswow64\shell32.dll function = CommandLineToArgvW, address_out = 0x74f59ee8 True 1
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteExW, address_out = 0x74f61e46 True 1
Get Address c:\windows\syswow64\shell32.dll function = SHGetFolderPathW, address_out = 0x74fc5708 True 1
Get Address c:\windows\syswow64\shlwapi.dll function = PathIsDirectoryW, address_out = 0x7607ff07 True 1
Get Address c:\windows\syswow64\shlwapi.dll function = 12, address_out = 0x7608158a True 1
Get Address c:\windows\syswow64\shlwapi.dll function = PathAppendW, address_out = 0x760881ef True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpGetIEProxyConfigForCurrentUser, address_out = 0x7435257e True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpAddRequestHeaders, address_out = 0x74359dfb True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpOpen, address_out = 0x743458b9 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpCloseHandle, address_out = 0x74342c01 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpConnect, address_out = 0x7434d9f5 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpOpenRequest, address_out = 0x74344aea True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSetOption, address_out = 0x74343f6c True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSendRequest, address_out = 0x743479bd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpReceiveResponse, address_out = 0x7434b262 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpWriteData, address_out = 0x7435abfd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpQueryHeaders, address_out = 0x7434ba51 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpQueryDataAvailable, address_out = 0x7435c5dd True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpReadData, address_out = 0x7434cb9e True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSetStatusCallback, address_out = 0x74345ebd True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleDC, address_out = 0x764054f4 True 1
Get Address c:\windows\syswow64\gdi32.dll function = SelectObject, address_out = 0x76404f70 True 1
Get Address c:\windows\syswow64\gdi32.dll function = BitBlt, address_out = 0x76405ea6 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteDC, address_out = 0x764058b3 True 1
Get Address c:\windows\syswow64\gdi32.dll function = DeleteObject, address_out = 0x76405689 True 1
Get Address c:\windows\syswow64\gdi32.dll function = GetDeviceCaps, address_out = 0x76404de0 True 1
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x76405f49 True 1
Get Address c:\windows\syswow64\ntdll.dll function = RtlRandom, address_out = 0x770398c3 True 1
Get Address c:\windows\syswow64\ntdll.dll function = ZwQueryObject, address_out = 0x76f8f9e8 True 1
Get Address c:\windows\syswow64\ntdll.dll function = RtlImageNtHeader, address_out = 0x76fa3164 True 1
Get Address c:\windows\syswow64\ntdll.dll function = ZwQuerySystemInformation, address_out = 0x76f8fda0 True 1
Get Address c:\windows\syswow64\ntdll.dll function = NtQuerySystemInformation, address_out = 0x76f8fda0 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusStartup, address_out = 0x74185600 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdiplusShutdown, address_out = 0x741856be True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipAlloc, address_out = 0x741a2437 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCreateBitmapFromHBITMAP, address_out = 0x74196671 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageEncodersSize, address_out = 0x741a2203 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipGetImageEncoders, address_out = 0x741a228c True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipSaveImageToStream, address_out = 0x74194153 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipDisposeImage, address_out = 0x74194cc8 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipFree, address_out = 0x741a24b2 True 1
Get Address c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll function = GdipCloneImage, address_out = 0x74194bfa True 1
Get Address c:\windows\syswow64\netapi32.dll function = NetApiBufferFree, address_out = 0x745b13d2 True 1
Get Address c:\windows\syswow64\netapi32.dll function = NetWkstaGetInfo, address_out = 0x74145570 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = malloc, address_out = 0x76a49cee True 1
Get Address c:\windows\syswow64\msvcrt.dll function = vsprintf, address_out = 0x76ab7677 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = free, address_out = 0x76a49894 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = ??3@YAXPAX@Z, address_out = 0x76a4b0b9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = ??2@YAPAXI@Z, address_out = 0x76a4b0c9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = memcpy, address_out = 0x76a49910 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = memmove, address_out = 0x76a49e5a True 1
Get Address c:\windows\syswow64\msvcrt.dll function = puts, address_out = 0x76ab8d04 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = abort, address_out = 0x76aa8e53 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = memset, address_out = 0x76a49790 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = strlen, address_out = 0x76a543d3 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = wcslen, address_out = 0x76a5d335 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = exit, address_out = 0x76a536aa True 1
Get Address c:\windows\syswow64\msvcrt.dll function = realloc, address_out = 0x76a4b10d True 1
Get Address c:\windows\syswow64\msvcrt.dll function = strncmp, address_out = 0x76a4b443 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _strcmpi, address_out = 0x76a4db38 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _vsnwprintf, address_out = 0x76a4bbce True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _purecall, address_out = 0x76aa6ea9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = tolower, address_out = 0x76a4c4f0 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = atoi, address_out = 0x76a4dbe0 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = strcmp, address_out = 0x76a58b11 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = atol, address_out = 0x76a4ddf4 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _wcsicmp, address_out = 0x76a4a9e9 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _snwprintf, address_out = 0x76a695d1 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = wcscmp, address_out = 0x76a5d3b7 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = wcsrchr, address_out = 0x76a4a73f True 1
Get Address c:\windows\syswow64\msvcrt.dll function = wcscpy, address_out = 0x76a5d4f8 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _errno, address_out = 0x76a4a5b8 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = wcschr, address_out = 0x76a4aa61 True 1
Get Address c:\windows\syswow64\msvcrt.dll function = strchr, address_out = 0x76a4dbeb True 1
Get Address c:\windows\syswow64\msvcrt.dll function = _iob, address_out = 0x76ae2900 True 1
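The Get Address rows above are the sandbox's record of every export the payload resolved through GetProcAddress. Two things make the raw list hard to read as a capability profile: the ws2_32.dll imports by number (Winsock exports its classic BSD socket functions by fixed ordinal, so function = 11 is inet_addr, 9 is htons, 115 is WSAStartup), and the fact that the interesting combinations (GDI+ bitmap encoding next to GetDesktopWindow and BitBlt; WinHTTP next to CryptVerifySignatureW; raw DNS message building next to WSASendTo/WSARecvFrom) are spread across several modules. The script below is an added example and is not VMRay's code nor the sample's own: it parses rows in this report's format, names the Winsock ordinals, leaves any other ordinal (the shlwapi.dll one) explicitly unresolved, and groups the resolved names into capabilities. The capability groups are an assumption chosen for this example from the APIs on this page, and the sample rows are a constructed subset copied from the table.

```python
"""Capability triage of "Get Address" rows from a VMRay behaviour report.

Added example; not part of the VMRay report or of the analysed sample.
"""
import re

# One row of the report's "Get Address" table, as flattened on this page.
ROW_RE = re.compile(
    r"^Get Address (?P<module>\S+) function = (?P<func>[^,]+), "
    r"address_out = (?P<addr>0x[0-9a-fA-F]+) (?P<ok>True|False) (?P<count>\d+)$"
)

# ws2_32.dll exports its BSD-style functions by fixed, documented ordinal,
# so an import by number hides the name from a plain string search.
WS2_32_ORDINALS = {
    2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
    9: "htons", 11: "inet_addr", 12: "inet_ntoa", 21: "setsockopt",
    23: "socket", 111: "WSAGetLastError", 115: "WSAStartup", 116: "WSACleanup",
}

# Capability groups are an assumption made for this example, chosen from the
# APIs visible in the report.  A group is reported only when at least two of
# its members (or every member, for one-element groups) were resolved.
CAPABILITIES = {
    "screen_capture": {"GetDesktopWindow", "GetDC", "CreateCompatibleBitmap",
                       "BitBlt", "GdipCreateBitmapFromHBITMAP",
                       "GdipSaveImageToStream"},
    "http_client": {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest",
                    "WinHttpSendRequest", "WinHttpReceiveResponse",
                    "WinHttpReadData"},
    "raw_dns": {"DnsWriteQuestionToBuffer_UTF8",
                "DnsExtractRecordsFromMessage_UTF8", "WSASendTo", "WSARecvFrom"},
    "signature_verification": {"CryptImportPublicKeyInfo", "CryptVerifySignatureW",
                               "CryptDecodeObjectEx", "CryptStringToBinaryA"},
    "token_inspection": {"OpenProcessToken", "GetTokenInformation",
                         "CheckTokenMembership", "AllocateAndInitializeSid"},
    "named_pipe": {"CreateNamedPipeA", "ConnectNamedPipe"},
    "idle_detection": {"GetLastInputInfo"},
}


def parse_rows(lines):
    """Yield (module basename, function name, address) per Get Address row.

    Ordinal imports are named for ws2_32.dll; any other ordinal is kept as
    'ordinal#N' so it is visibly unresolved rather than silently dropped.
    """
    for line in lines:
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # not a Get Address row (blank line, other operation)
        module = m.group("module").lower().rsplit("\\", 1)[-1]
        func = m.group("func").strip()
        if func.isdigit():
            if module == "ws2_32.dll":
                func = WS2_32_ORDINALS.get(int(func), f"ordinal#{func}")
            else:
                func = f"ordinal#{func}"
        yield module, func, int(m.group("addr"), 16)


def capability_profile(lines):
    """Return {capability: sorted matched API names} for the given rows."""
    resolved = {func for _, func, _ in parse_rows(lines)}
    profile = {}
    for cap, apis in CAPABILITIES.items():
        hits = apis & resolved
        if len(hits) >= min(2, len(apis)):
            profile[cap] = sorted(hits)
    return profile


def unresolved_ordinals(lines):
    """Imports by number that no ordinal table named; these need a manual look."""
    return sorted(f"{mod}!{func}" for mod, func, _ in parse_rows(lines)
                  if func.startswith("ordinal#"))


# Constructed sample input: a subset of rows copied from the table above.
SAMPLE_ROWS = r"""
Get Address c:\windows\syswow64\kernel32.dll function = CreateNamedPipeA, address_out = 0x76691807 True 1
Get Address c:\windows\syswow64\kernel32.dll function = ConnectNamedPipe, address_out = 0x766940fb True 1
Get Address c:\windows\syswow64\user32.dll function = GetDesktopWindow, address_out = 0x74cc0a19 True 1
Get Address c:\windows\syswow64\user32.dll function = GetDC, address_out = 0x74cb72c4 True 1
Get Address c:\windows\syswow64\user32.dll function = GetLastInputInfo, address_out = 0x74ccb382 True 1
Get Address c:\windows\syswow64\crypt32.dll function = CryptImportPublicKeyInfo, address_out = 0x760e6c0e True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 11, address_out = 0x762f311b True 1
Get Address c:\windows\syswow64\ws2_32.dll function = 115, address_out = 0x762f3ab2 True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSASendTo, address_out = 0x7630b30c True 1
Get Address c:\windows\syswow64\ws2_32.dll function = WSARecvFrom, address_out = 0x762fcba6 True 1
Get Address c:\windows\syswow64\dnsapi.dll function = DnsWriteQuestionToBuffer_UTF8, address_out = 0x743cadbb True 1
Get Address c:\windows\syswow64\advapi32.dll function = CryptVerifySignatureW, address_out = 0x74eac54a True 1
Get Address c:\windows\syswow64\shlwapi.dll function = 12, address_out = 0x7608158a True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpOpen, address_out = 0x743458b9 True 1
Get Address c:\windows\syswow64\winhttp.dll function = WinHttpSendRequest, address_out = 0x743479bd True 1
Get Address c:\windows\syswow64\gdi32.dll function = BitBlt, address_out = 0x76405ea6 True 1
""".strip().splitlines()

if __name__ == "__main__":
    for cap, apis in capability_profile(SAMPLE_ROWS).items():
        print(f"{cap}: {', '.join(apis)}")
    print("unresolved ordinals:", unresolved_ordinals(SAMPLE_ROWS))
```

Two caveats when reading the output against the full table. The address_out values are per-boot ASLR load addresses and are not indicators; only the module/function pairs carry over to other runs. And several kernel32.dll names (HeapAlloc, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, VerSetConditionMask, ExitThread) resolve into the ntdll.dll address range seen for ZwQueryObject and RtlImageNtHeader; that is GetProcAddress following kernel32's forwarded exports to their ntdll implementations, not evidence of hooking.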
Screenshot